Show Table of Contents
8.3.6. ACL Syntax
ACL rules must be on a single line and follow this syntax:
acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all"] [property=<property-value>]
In ACL files, the following syntactic conventions apply:
- The default (anonymous) exchange is identified using
name=amq.default. - A line starting with the
#character is considered a comment and is ignored. - Empty lines and lines that contain only whitespace are ignored
- All tokens are case sensitive.
name1is not the same asName1andcreateis not the same asCREATE - Group lists can be extended to the following line by terminating the line with the
\character - Additional whitespace - that is, where there is more than one whitespace character - between and after tokens is ignored. Group and ACL definitions must start with either
grouporacland with no preceding whitespace. - All ACL rules are limited to a single line
- Rules are interpreted from the top of the file down until the name match is obtained; at which point processing stops.
- The keyword
allmatches all individuals, groups and actions - The last line of the file - whether present or not - will be assumed to be
acl deny all all. If present in the file, all lines below it are ignored. - Names and group names may contain only
a-z,A-Z,0-9,-and_ - Rules must be preceded by any group definitions they can use. Any name not defined as a group will be assumed to be that of an individual.
- Qpid fails to start if ACL file is not valid
- ACL rules can be reloaded at runtime by calling a QMF method
See Also:
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.