[rabbitmq-discuss] User permission
Matthias Radestock
matthias at rabbitmq.com
Thu May 30 13:52:16 BST 2013
On 29/05/13 11:13, Slyth wrote:
> I think there has to be a better solution or not?
>
> Is it the best solution that I need for every user a new vhost or is it
> better to use one vhost and use regex to manage the access?
>
> Would you use the same solution?
The answer, as is so often the case, is "it depends".
The main downside to a set up with lots of vhosts is that a) messages
cannot get routed to multiple vhost, and b) any client that needs access
to multiple vhosts requires a separate connection to each.
From the little you have told us about the requirements, (a) is not
really an issue, since it appears that your applications will only ever
send messages to their "own" queue and the single 'special' queue..
But (b) might bite you. In particular, you stated that "I should have
full access (c+w+r) [to all queues]", which implies that there is some
privileged users that needs to be able to work across all the user
queues. With the vhost-per-user design that would require that user to
establish one connection per user, which is tedious and resource consuming.
Matthias.
More information about the rabbitmq-discuss
mailing list