author: Robert Gemmell <robbie@apache.org> 2012-09-02 14:35:00 +0000
committer: Robert Gemmell <robbie@apache.org> 2012-09-02 14:35:00 +0000
commit: 4a1dc8b1a772545b9854f6bf5c7a7d2514c24cde
tree: a4110a3705834d9cfc2828a2f9039889f77499a0 /qpid/doc/book/src/java-broker
parent: 295182e6051b5e871645bd193421909398da1ceb
QPID-4236,QPID-4237: update the ACL examples to reflect permissioning of the new USER objects and actions via the HTTP management interface
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1379981 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/doc/book/src/java-broker')
-rw-r--r-- qpid/doc/book/src/java-broker/Configure-ACLs.xml 29
1 files changed, 20 insertions, 9 deletions
diff --git a/qpid/doc/book/src/java-broker/Configure-ACLs.xml b/qpid/doc/book/src/java-broker/Configure-ACLs.xml
index 8c50be27d9..637e343ce8 100644
--- a/qpid/doc/book/src/java-broker/Configure-ACLs.xml
+++ b/qpid/doc/book/src/java-broker/Configure-ACLs.xml
@@ -227,6 +227,14 @@
<entry> <para> A virtualhost (Java Broker only)</para> </entry>
</row>
<row>
+ <entry> <command>USER</command> </entry>
+ <entry> <para> A user (Java Broker only)</para> </entry>
+ </row>
+ <row>
+ <entry> <command>GROUP</command> </entry>
+ <entry> <para> A group (Java Broker only)</para> </entry>
+ </row>
+ <row>
<entry> <command>METHOD</command> </entry>
<entry> <para> Management or agent or broker method (Java Broker only)</para> </entry>
</row>
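Review bot: The new GROUP row in the object-type table has no counterpart anywhere else in this patch: the commit message names only USER objects, and the usermaint example further down gains rules for USER but none for GROUP. Either add a GROUP rule to that example (or a sentence saying why none is needed) or mention GROUP in the commit message, so a reader does not assume the USER rules also govern group management.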
@@ -353,16 +361,16 @@
<para>
Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and
a user 'readonly' must be enable to perform only read-only functions. Neither 'operator' nor 'readonly'
- should be allow to connect for messaging.
+ should be allowed to connect clients for messaging.
</para>
<programlisting>
- # Give operator permission to execute all JMX Methods
- ACL ALLOW operator ALL METHOD
- # Give operator permission to execute only read-only JMX Methods
- ACL ALLOW readonly ACCESS METHOD
- # Deny operator/readonly permission to perform messaging.
- ACL DENY operator ACCESS VIRTUALHOST
- ACL DENY readonly ACCESS VIRTUALHOST
+ # Deny (loggged) operator/readonly permission to connect messaging clients.
+ ACL DENY-LOG operator ACCESS VIRTUALHOST
+ ACL DENY-LOG readonly ACCESS VIRTUALHOST
+ # Give operator permission to perfom all other actions
+ ACL ALLOW operator ALL ALL
+ # Give readonly permission to execute only read-only actions
+ ACL ALLOW readonly ACCESS ALL
...
... rules for other users
...
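Review bot: In the operator/readonly listing the two DENY-LOG rules now sit above ALLOW rules that are far broader than before (ALL ALL and ACCESS ALL instead of METHOD only), yet no comment says that this order is what keeps both users off messaging. Add a comment line stating that the VIRTUALHOST denies must stay ahead of the ALLOW rules, because "ACL ALLOW operator ALL ALL" on its own would also cover ACCESS VIRTUALHOST. The added comments also carry typos ("loggged", "perfom"), and while this paragraph is being edited the context line "must be enable to perform" should read "must be able to perform".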
@@ -379,9 +387,12 @@
is allowed to perform user maintainence This example illustrates the permissioning of an individual component.
</para>
<programlisting>
- # Give operator permission to execute all JMX Methods
+ # Give usermaint permission to execute all JMX Methods on the
+ # UserManagement MBean and perform all actions for USER objects
ACL ALLOW usermaint ALL METHOD component="UserManagement"
+ ACL ALLOW usermaint ALL USER
ACL DENY ALL ALL METHOD component="UserManagement"
+ ACL DENY ALL ALL USER
...
... rules for other users
...
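Review bot: The added comment in the usermaint listing labels the METHOD rule as JMX but never says which interface the new USER rules govern. The commit message says they permission actions via the HTTP management interface, so state that in the comment (and in the paragraph above the listing) so readers see why both the METHOD pair and the USER pair are needed. The context line above also has "maintainence" and is missing a full stop before "This example", which is worth fixing in the same change.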