[rabbitmq-discuss] Debugging AD

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30/11/11 16:44, Ben Hood wrote:
> I now have a follow up question: is it possible to create two
> different groups in LDAP and assign them different levels of
> privileges within the Management frontend?

Yes - see 
http://hg.rabbitmq.com/rabbitmq-auth-backend-ldap/file/rabbitmq_v2_7_0/README-authorisation

> I was thinking of having a group for admins who can do anything, and a
> group for people who should be able to look at statistical info, but
> can't do anything that would cause any messages to get binned (such as
> queue/exchange deletions, queue purges or queue binds/unbinds).

So the second group needs to have a tag_queries such that they get the 
"monitoring" tag, and a resource_access_query that restricts them 
from... well, from doing almost anything I guess.

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]