You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Carl Trieloff (JIRA)" <qp...@incubator.apache.org> on 2010/05/11 16:49:43 UTC
[jira] Issue Comment Edited: (QPID-2539) Update ACL file syntax to
be clearer and add extra operations
[ https://issues.apache.org/jira/browse/QPID-2539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866166#action_12866166 ]
Carl Trieloff edited comment on QPID-2539 at 5/11/10 10:49 AM:
---------------------------------------------------------------
Is ADMIN not just a group of users with a specifc set of permissions assigned?
Is CONNECT not just allow access virtualhost ?
I think LOG is already covered with METHOD, maybe we should walk through an example for JMX admin and QMF Admin and see if it covers all the cases that are being thought about. If not we should add those to the METHOD call.
" LOG allows changing the log4j levels and USER grants the ability to add/delete users. " Is use not a broker tangental concept. I know Java broker supports a user create call. In my view with QMF, this should be modeled with a QMF user schema and then if that object is supplied by the broker or something external it makes no diff.
Then all the permissions can be applied to all the methods on that schema using the METHOD object. This would keep things 100% consistent. i.e. controlling setting log level, adding users etc all sound like METHOD permissions.
Carl.
was (Author: cctrieloff):
Is ADMIN not just a group of users with a specifc set of permissions assigned?
Is CONNECT not just allow access virtualhost ?
I think LOG is already covered with METHOD, maybe we should walk through an example for JMX admin and QMF Admin and see if it covers all the cases that are being thought about. If not we should add those to the METHOD call.
" LOG allows changing the log4j levels and USER grants the ability to add/delete users. " Is use not an broker tangental concept. I know Java broker supports a user create call. In my view with QMF, this should be modeled with a QMF user schema and then if that object is supplied by the broker or something external it makes no diff.
The all the permissions can be applied to all the methods on that schema using the METHOD object. This would keep things 100% consistent. i.e. controlling setting log level, adding users etc all sound like METHOD permissions.
Carl.
> Update ACL file syntax to be clearer and add extra operations
> -------------------------------------------------------------
>
> Key: QPID-2539
> URL: https://issues.apache.org/jira/browse/QPID-2539
> Project: Qpid
> Issue Type: Sub-task
> Components: Java Broker
> Reporter: Andrew Kennedy
> Fix For: 0.7
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org