Posted to commits@qpid.apache.org by ro...@apache.org on 2012/09/02 16:35:00 UTC
svn commit: r1379981 - /qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml
Author: robbie
Date: Sun Sep 2 14:35:00 2012
New Revision: 1379981
URL: http://svn.apache.org/viewvc?rev=1379981&view=rev
Log:
QPID-4236,QPID-4237: update the ACL examples to reflect permissioning of the new USER objects and actions via the HTTP management interface
Modified:
qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml
Modified: qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml?rev=1379981&r1=1379980&r2=1379981&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml (original)
+++ qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml Sun Sep 2 14:35:00 2012
@@ -227,6 +227,14 @@
<entry> <para> A virtualhost (Java Broker only)</para> </entry>
</row>
<row>
+ <entry> <command>USER</command> </entry>
+ <entry> <para> A user (Java Broker only)</para> </entry>
+ </row>
+ <row>
+ <entry> <command>GROUP</command> </entry>
+ <entry> <para> A group (Java Broker only)</para> </entry>
+ </row>
+ <row>
<entry> <command>METHOD</command> </entry>
<entry> <para> Management or agent or broker method (Java Broker only)</para> </entry>
</row>
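Review bot: the new GROUP row is not covered by anything else in this change: the log message names only "the new USER objects", and neither example further down contains a rule on GROUP. Either mention GROUP in the log message or extend one of the examples so a reader can see a GROUP rule in use, for instance next to the "ACL ALLOW usermaint ALL USER" line, if user maintenance is meant to include group membership.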
@@ -353,16 +361,16 @@
<para>
Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and
a user 'readonly' must be enable to perform only read-only functions. Neither 'operator' nor 'readonly'
- should be allow to connect for messaging.
+ should be allowed to connect clients for messaging.
</para>
<programlisting>
- # Give operator permission to execute all JMX Methods
- ACL ALLOW operator ALL METHOD
- # Give operator permission to execute only read-only JMX Methods
- ACL ALLOW readonly ACCESS METHOD
- # Deny operator/readonly permission to perform messaging.
- ACL DENY operator ACCESS VIRTUALHOST
- ACL DENY readonly ACCESS VIRTUALHOST
+ # Deny (loggged) operator/readonly permission to connect messaging clients.
+ ACL DENY-LOG operator ACCESS VIRTUALHOST
+ ACL DENY-LOG readonly ACCESS VIRTUALHOST
+ # Give operator permission to perfom all other actions
+ ACL ALLOW operator ALL ALL
+ # Give readonly permission to execute only read-only actions
+ ACL ALLOW readonly ACCESS ALL
...
... rules for other users
...
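Review bot: the rewritten listing depends on the two DENY-LOG lines sitting above "ACL ALLOW operator ALL ALL" and "ACL ALLOW readonly ACCESS ALL", but neither the paragraph nor the comments say that rule order matters here. The old version put the ALLOW lines first and got away with it because they were limited to METHOD; now that the grants are ALL objects, a reader who reorders them would hand both users VIRTUALHOST access, so a one-line comment such as "must precede the ALLOW rules below" would help. It is also worth stating in the paragraph that "ALL ALL" reaches every object type in the table above, including the new USER and GROUP, since the text only asks for "all Management operations". Minor: "loggged" and "perfom" in the added comments are typos, and the unchanged context line still reads "must be enable to perform".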
@@ -379,9 +387,12 @@
is allowed to perform user maintainence This example illustrates the permissioning of an individual component.
</para>
<programlisting>
- # Give operator permission to execute all JMX Methods
+ # Give usermaint permission to execute all JMX Methods on the
+ # UserManagement MBean and perform all actions for USER objects
ACL ALLOW usermaint ALL METHOD component="UserManagement"
+ ACL ALLOW usermaint ALL USER
ACL DENY ALL ALL METHOD component="UserManagement"
+ ACL DENY ALL ALL USER
...
... rules for other users
...
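Review bot: the new two-line comment describes only the grants to usermaint; the lines that actually keep everyone else out, "ACL DENY ALL ALL METHOD component="UserManagement"" and the added "ACL DENY ALL ALL USER", are left unexplained. Add a comment above the DENY pair saying that all other users are refused these operations and that the pair has to follow the usermaint ALLOW lines, otherwise the example reads as if the ALLOW lines alone restrict user maintenance. Minor, in the unchanged context: "maintainence" should be "maintenance", and a full stop is missing before "This example illustrates".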