[rabbitmq-discuss] Debugging AD
Simon MacMullen
simon at rabbitmq.com
Wed Nov 30 17:41:54 GMT 2011
On 30/11/11 16:44, Ben Hood wrote:
> I now have a follow up question: is it possible to create two
> different groups in LDAP and assign them different levels of
> privileges within the Management frontend?
Yes - see
http://hg.rabbitmq.com/rabbitmq-auth-backend-ldap/file/rabbitmq_v2_7_0/README-authorisation
> I was thinking of having a group for admins who can do anything, and a
> group for people who should be able to look at statistical info, but
> can't do anything that would cause any messages to get binned (such as
> queue/exchange deletions, queue purges or queue binds/unbinds).
So the second group needs to have a tag_queries such that they get the
"monitoring" tag, and a resource_access_query that restricts them
from... well, from doing almost anything I guess.
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list