[rabbitmq-discuss] RabbitMQ ACL suggestions?
Jason J. W. Williams
jasonjwwilliams at gmail.com
Wed Jul 6 20:39:13 BST 2011
On Wed, Jul 6, 2011 at 3:51 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 06/07/11 01:28, Jason J. W. Williams wrote:
>
>> What form will this take? Is it going to be a new flag, or will API
>> access no longer required the "admin" flag?
>>
>
> API access never required the admin flag in =< 2.5.1, just that non-admins
> can only see their own stuff, and can't see broker-wide info at all.
>
Ah OK. Thanks for the clarification.
>
> The admin flag has been replaced by a "tags" field for users. Users can be
> given arbitrary tags within rabbitmq-server. rabbitmq-management then checks
> for the following tags:
>
> "administrator" (do everything, same as admin before)
> "monitoring" (look at everything, but only touch your own stuff)
> "management" (limited access to mgmt, same as non-admin before)
>
> Note also that by giving a user no tags you can lock them out of mgmt
> completely. This would be useful if (for example) you use secret queue names
> as capabilities.
>
>
This is very cool.
>
> Also, any idea on the rev #?
>>
> <https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss>
>
OK, I'll keep an eye out for it in the next release. Updating the book's
chapter about the API. Thank you very much for your help.
-J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110706/d3311cd8/attachment.htm>
More information about the rabbitmq-discuss
mailing list