[rabbitmq-discuss] RabbitMQ ACL suggestions?
Jason J. W. Williams
jasonjwwilliams at gmail.com
Wed Jul 6 20:39:13 BST 2011
On Wed, Jul 6, 2011 at 3:51 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 06/07/11 01:28, Jason J. W. Williams wrote:
>> What form will this take? Is it going to be a new flag, or will API
>> access no longer required the "admin" flag?
> API access never required the admin flag in =< 2.5.1, just that non-admins
> can only see their own stuff, and can't see broker-wide info at all.
Ah OK. Thanks for the clarification.
> The admin flag has been replaced by a "tags" field for users. Users can be
> given arbitrary tags within rabbitmq-server. rabbitmq-management then checks
> for the following tags:
> "administrator" (do everything, same as admin before)
> "monitoring" (look at everything, but only touch your own stuff)
> "management" (limited access to mgmt, same as non-admin before)
> Note also that by giving a user no tags you can lock them out of mgmt
> completely. This would be useful if (for example) you use secret queue names
> as capabilities.
This is very cool.
> Also, any idea on the rev #?
OK, I'll keep an eye out for it in the next release. Updating the book's
chapter about the API. Thank you very much for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rabbitmq-discuss