[rabbitmq-discuss] RabbitMQ ACL suggestions?
Simon MacMullen
simon at rabbitmq.com
Wed Jul 6 10:51:06 BST 2011
On 06/07/11 01:28, Jason J. W. Williams wrote:
> What form will this take? Is it going to be a new flag, or will API
> access no longer required the "admin" flag?
API access never required the admin flag in =< 2.5.1, just that
non-admins can only see their own stuff, and can't see broker-wide info
at all.
The admin flag has been replaced by a "tags" field for users. Users can
be given arbitrary tags within rabbitmq-server. rabbitmq-management then
checks for the following tags:
"administrator" (do everything, same as admin before)
"monitoring" (look at everything, but only touch your own stuff)
"management" (limited access to mgmt, same as non-admin before)
Note also that by giving a user no tags you can lock them out of mgmt
completely. This would be useful if (for example) you use secret queue
names as capabilities.
> Also, any idea on the rev #?
Well, it's landed on default now, but you'll need default of everything.
Not sure what all the revision numbers are.
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list