RabbitMQ user roles and permissions control

Source: Internet
Author: User
Tags rabbitmq amq



RabbitMQ user role categories:
none, management, policymaker, monitoring, administrator

Description of each RabbitMQ role:

none
Cannot access the management plugin

management
Anything a user can do with AMQP plus:
List the virtual hosts that you can log into via AMQP
View queues, exchanges and bindings in your virtual hosts
View and close your own channels and connections
View "global" statistics covering your own virtual hosts, including the activities of other users in these virtual hosts

policymaker
Anything that management can do plus:
View, create, and delete policies and parameters for your own virtual hosts

monitoring
Anything that management can do plus:
List all virtual hosts, including virtual hosts that you cannot log in to
View connections and channels of other users
View node-level data such as clustering and memory usage
View truly global statistics about all virtual hosts

administrator
Anything that policymaker and monitoring can do plus:
Create and delete virtual hosts
View, create, and delete users
View, create, and delete permissions
Close other users' connections

To create a user and set up a role:
You can create an administrator user who is responsible for operating the entire MQ, for example:

    $ sudo rabbitmqctl add_user user_admin passwd_admin

Give it the administrator role:

    $ sudo rabbitmqctl set_user_tags user_admin administrator



You can create a RabbitMQ monitoring user that is responsible for monitoring the entire MQ, for example:

    $ sudo rabbitmqctl add_user user_monitoring passwd_monitor

Give it the monitoring role:

    $ sudo rabbitmqctl set_user_tags user_monitoring monitoring



You can create a dedicated user for a project that accesses only the project's own virtual hosts:

    $ sudo rabbitmqctl add_user user_proj passwd_proj

Give it the management role:

    $ sudo rabbitmqctl set_user_tags user_proj management


After creating the users and assigning their roles, review and confirm:

    $ sudo rabbitmqctl list_users



########################
#RabbitMQ permission control:
########################
Default virtual host: "/"
Default user: guest
The guest user has all permissions on "/" and can only access RabbitMQ, including its plugins, from localhost. It is recommended to delete this user or change its password. You can remove the local-access restriction by setting loopback_users to an empty list in the configuration file:
[{rabbit, [{loopback_users, []}]}].

Users can only operate on resources in the virtual hosts they have access to. The resources here are the exchanges, queues, etc. in a virtual host, and the operations are configuring, writing to, and reading from those resources. Configure permission allows creating or deleting a resource and modifying its behavior, write permission allows sending messages to a resource, and read permission allows getting messages from a resource. For example:
Declaring and deleting an exchange or a queue requires configure permission on the exchange or the queue respectively
Binding and unbinding an exchange requires read and write permissions on the exchange
Binding and unbinding a queue requires write permission on the queue and read permission on the exchange
Sending a message (publish) requires write permission on the exchange
Getting or clearing messages (get, consume, purge) requires read permission on the queue

Regular expressions determine which resources the configure, write, and read permissions apply to. They are set with the following command:
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
Here <conf>, <write>, and <read> are each a regular expression that is matched against resource names. For example, '^(amq\.gen.*|amq\.default)$' matches server-generated names and the default exchange, and '^$' does not match any resources.
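
The operation-to-permission list and the regular-expression matching described above, modelled as an added example (not code from the original page or from RabbitMQ). The queue and exchange names and the permission triples are constructed, and the sketch assumes unanchored regex search, which is why the LOOSE pattern without ^ and $ also matches an unrelated queue.

```python
import re

# Operation -> (resource kind, permission) checks, following the list on this page.
REQUIRED = {
    "exchange.declare": [("exchange", "configure")],
    "exchange.delete": [("exchange", "configure")],
    "queue.declare": [("queue", "configure")],
    "queue.delete": [("queue", "configure")],
    "queue.bind": [("queue", "write"), ("exchange", "read")],
    "queue.unbind": [("queue", "write"), ("exchange", "read")],
    "basic.publish": [("exchange", "write")],
    "basic.get": [("queue", "read")],
    "basic.consume": [("queue", "read")],
    "queue.purge": [("queue", "read")],
}


def allowed(perms, op, queue=None, exchange=None):
    """Return True if every permission `op` needs matches the resource name."""
    names = {"queue": queue, "exchange": exchange}
    for kind, perm in REQUIRED[op]:
        if names[kind] is None:
            raise ValueError(f"{op} needs a {kind} name")
        # Assumption: unanchored matching, so re.search rather than re.fullmatch.
        if re.search(perms[perm], names[kind]) is None:
            return False
    return True


# Constructed permission triples, in set_permissions order <conf> <write> <read>.
ADMIN = {"configure": ".*", "write": ".*", "read": ".*"}
CONSUMER = {"configure": "^$", "write": "^$", "read": r"^proj\.orders$"}
BINDER = {"configure": "^$", "write": r"^proj\.", "read": r"^proj\."}
LOOSE = {"configure": "^$", "write": "^$", "read": "proj"}  # missing anchors


def demo():
    return {
        "admin declares any queue": allowed(ADMIN, "queue.declare", queue="x"),
        "consumer reads its queue": allowed(CONSUMER, "basic.consume", queue="proj.orders"),
        "consumer reads sibling queue": allowed(CONSUMER, "basic.get", queue="proj.orders.dlq"),
        "consumer publishes": allowed(CONSUMER, "basic.publish", exchange="proj.events"),
        "binder binds inside proj": allowed(BINDER, "queue.bind", queue="proj.orders", exchange="proj.events"),
        "binder binds to amq.topic": allowed(BINDER, "queue.bind", queue="proj.orders", exchange="amq.topic"),
        "loose pattern leaks": allowed(LOOSE, "basic.consume", queue="billing-proj-audit"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'allowed' if result else 'denied'}")
```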

Note that RabbitMQ caches the results of permission checks for each connection or channel, so after permissions change the user must reconnect for the change to take effect.

To grant permissions to a user:

    $ sudo rabbitmqctl set_permissions -p /vhost1 user_admin '.*' '.*' '.*'

This command gives user_admin configure, write, and read permissions on all resources in the virtual host /vhost1, so that the user can manage the resources in /vhost1.







    $ sudo rabbitmqctl list_user_permissions user_admin
    Listing permissions for user "user_admin" ...
    /vhost1	.*	.*	.*
    $ sudo rabbitmqctl list_permissions -p /vhost1
    Listing permissions in vhost "/vhost1" ...
    user_admin	.*	.*	.*

