[rabbitmq-discuss] RabbitMQ ACL suggestions?

Simon MacMullen simon at rabbitmq.com
Wed Jul 6 10:51:06 BST 2011


On 06/07/11 01:28, Jason J. W. Williams wrote:
> What form will this take? Is it going to be a new flag, or will API
> access no longer required the "admin" flag?

API access never required the admin flag in =< 2.5.1, just that 
non-admins can only see their own stuff, and can't see broker-wide info 
at all.

The admin flag has been replaced by a "tags" field for users. Users can 
be given arbitrary tags within rabbitmq-server. rabbitmq-management then 
checks for the following tags:

"administrator" (do everything, same as admin before)
"monitoring" (look at everything, but only touch your own stuff)
"management" (limited access to mgmt, same as non-admin before)

Note also that by giving a user no tags you can lock them out of mgmt 
completely. This would be useful if (for example) you use secret queue 
names as capabilities.

> Also, any idea on the rev #?

Well, it's landed on default now, but you'll need default of everything. 
Not sure what all the revision numbers are.

Cheers, Simon
-- 
Simon MacMullen
RabbitMQ, VMware


More information about the rabbitmq-discuss mailing list