8.3.5. Writing an Access Control List
- The user id in the ACL file is of the form <user-id>@<domain>. The domain is configured via the SASL configuration for the broker, and the domain/realm for qpidd is set using --realm and defaults to 'QPID'.
- Each line in an ACL file grants or denies specific rights to a user.
- If the last line in an ACL file is acl deny all all, the ACL uses deny mode, and only those rights that are explicitly allowed are granted:

      acl allow user@QPID all all
      acl deny all all

  On this server, deny mode is the default. user@QPID can perform any action, but nobody else can.
- If the last line in an ACL file is acl allow all all, the ACL uses allow mode, and all rights are granted except those that are explicitly denied.

      acl deny user@QPID all all
      acl allow all all

  On this server, allow mode is the default. The ACL allows everyone else to perform any action, but denies user@QPID all permissions.
- ACL processing ends when one of the following lines is encountered:

      acl allow all all
      acl deny all all

  Any lines after one of these statements will be ignored:

      acl allow all all
      acl deny user@QPID all all # This line is ignored !!!
- ACL syntax allows fine-grained access rights for specific actions:

      acl allow carlt@QPID create exchange name=carl.*
      acl allow fred@QPID create all
      acl allow all consume queue
      acl allow all bind exchange
      acl deny all all
- An ACL file can define user groups, and assign permissions to them:

      group admin ted@QPID martin@QPID
      acl allow admin create all
      acl deny all all
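
The following linter is an added example, not part of the Red Hat documentation or the Qpid code base. It applies the rules above to an ACL file: it reports the mode set by the terminating line, lists rules that are ignored because they follow it, and flags names that are neither all, a defined group, nor of the form <user-id>@<domain>. The function name lint_acl, the constructed sample file, and the comment handling ('#' at line start or after whitespace) are assumptions.

```python
import re

USER_ID = re.compile(r"^[^@\s]+@[^@\s]+$")   # <user-id>@<domain>
TERMINATORS = (["allow", "all", "all"], ["deny", "all", "all"])

def lint_acl(text):
    """Return the ACL mode, rules ignored after the terminator, and malformed names."""
    groups, mode, ignored, bad_actors = set(), None, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' at line start or after whitespace begins a comment.
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if mode is not None:
            # Processing already ended: this line has no effect.
            ignored.append((lineno, line))
        elif fields[0] == "group" and len(fields) > 1:
            groups.add(fields[1])
            bad_actors += [(lineno, m) for m in fields[2:] if not USER_ID.match(m)]
        elif fields[0] == "acl" and len(fields) >= 4:
            actor = fields[2]
            if fields[1:] in TERMINATORS:
                mode = fields[1]          # "allow" mode or "deny" mode
            elif actor != "all" and actor not in groups and not USER_ID.match(actor):
                bad_actors.append((lineno, actor))
    return {"mode": mode, "ignored": ignored, "bad_actors": bad_actors}

# Constructed sample: one user id lacks its domain, one deny rule is unreachable.
SAMPLE_ACL = """\
group admin ted@QPID martin@QPID
acl allow admin create all
acl allow carlt create exchange name=carl.*   # missing @domain
acl allow all all
acl deny user@QPID all all  # never evaluated
"""

if __name__ == "__main__":
    report = lint_acl(SAMPLE_ACL)
    print("mode:", report["mode"])
    for lineno, rule in report["ignored"]:
        print(f"line {lineno}: ignored after terminating line: {rule}")
    for lineno, name in report["bad_actors"]:
        print(f"line {lineno}: '{name}' is not all, a group, or <user-id>@<domain>")
```

A mode of None means the file contains neither acl allow all all nor acl deny all all.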
