[rabbitmq-discuss] Group/tag based access control

Lionel Cons lionel.cons at cern.ch
Wed Mar 21 11:01:32 GMT 2012


AFAIK, RabbitMQ's access control is user based. This can be cumbersome to
configure if you allow many different users as this requires many similar
permissions quintuples. It would be really nice to allow group based access
control, i.e. permissions applying to multiple users.

It seems that RabbitMQ has most of it already since it knows about user
tags. So what about extending the use of tags so that they can be used for
access control. I think that arbitrary tag names are already allowed so the
only missing thing is allowing permissions with tags.  Something like:

$ rabbitmqctl set_permissions -p /myvhost tag:foo "^bar-.*" ".*" ".*"

that would match any user with the tag "foo".

Cheers,

Lionel


More information about the rabbitmq-discuss mailing list