RabbitMQ User Roles and Permission Control
RabbitMQ user role categories:
none, management, policymaker, monitoring, administrator
RabbitMQ role descriptions:
none
Cannot access the management plugin.
management
Anything the user can do through AMQP, plus:
List the virtual hosts that you can log in to through AMQP.
View queues, exchanges, and bindings in your virtual hosts.
View and close your own channels and connections.
View "global" statistics for your virtual hosts, including the activity of other users in those virtual hosts.
policymaker
Everything management can do, plus:
View, create, and delete policies and parameters for your virtual hosts.
monitoring
Everything management can do, plus:
List all virtual hosts, including those you cannot log in to.
View connections and channels of other users.
View node-level data such as clustering and memory usage.
View truly global statistics for all virtual hosts.
administrator
Everything policymaker and monitoring can do, plus:
Create and delete virtual hosts.
View, create, and delete users.
View, create, and delete permissions.
Close connections of other users.
Create users and set roles:
You can create an administrator user to perform operations and maintenance for the entire MQ, for example:
- $ sudo rabbitmqctl add_user user_admin passwd_admin
Grant it the administrator role:
- $ sudo rabbitmqctl set_user_tags user_admin administrator
You can create a RabbitMQ monitoring user to monitor the entire MQ, for example:
- $ sudo rabbitmqctl add_user user_monitoring passwd_monitor
Grant it the monitoring role:
- $ sudo rabbitmqctl set_user_tags user_monitoring monitoring
You can create a dedicated user for a project that can only access the virtual hosts of that project:
- $ sudo rabbitmqctl add_user user_proj passwd_proj
Grant it the management role:
- $ sudo rabbitmqctl set_user_tags user_proj management
After creating the users and assigning roles, check and confirm:
- $ sudo rabbitmqctl list_users
########################
# RabbitMQ permission control:
########################
Default virtual host: "/"
Default user: guest
The guest user has all permissions on "/" and can only access RabbitMQ, including the management plugin, from localhost. We recommend deleting this user or changing its password, especially before removing the localhost restriction. You can remove the restriction by setting loopback_users in the configuration file:
[{rabbit, [{loopback_users, []}]}].
Users can only operate on resources in virtual hosts that they can access. Resources here are the exchanges and queues in a virtual host, and the operations are configure, write, and read. The configure permission allows creating, deleting, and modifying resources; the write permission allows sending messages to a resource; the read permission allows getting messages from a resource. For example:
Declaring and deleting an exchange or a queue requires the configure permission on that exchange or queue.
Binding and unbinding an exchange requires the read and write permissions on the exchange.
Binding and unbinding a queue requires the write permission on the queue and the read permission on the exchange.
Publishing requires the write permission on the exchange.
Getting or clearing messages (get, consume, purge) requires the read permission on the queue.
The resources covered by the configure, write, and read permissions are selected with regular expressions. The command is:
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
Here, <conf>, <write>, and <read> are regular expressions matched against resource names. For example, '^(amq\.gen.*|amq\.default)$' matches server-generated names and the default exchange, and '^$' does not match any resource.
Note that RabbitMQ caches the results of permission checks per connection or channel. After a permission change, the user must therefore reconnect for the change to take effect.
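The following is an added example, not part of the original article or of RabbitMQ itself: a small Python model of the permission rules above that reports which operations a given <conf> <write> <read> grant allows. The grants PROJ, CONSUMER and LOOSE and all queue and exchange names are constructed, and the model assumes a pattern is applied as an unanchored search.

```python
import re

# AMQP operation -> (permission, resource kind) pairs it needs, per the rules listed above.
REQUIRED = {
    "exchange.declare": [("configure", "exchange")],
    "exchange.delete":  [("configure", "exchange")],
    "queue.declare":    [("configure", "queue")],
    "queue.delete":     [("configure", "queue")],
    "queue.bind":       [("write", "queue"), ("read", "exchange")],
    "queue.unbind":     [("write", "queue"), ("read", "exchange")],
    "basic.publish":    [("write", "exchange")],
    "basic.get":        [("read", "queue")],
    "basic.consume":    [("read", "queue")],
    "queue.purge":      [("read", "queue")],
}

def grant(conf, write, read):
    """Same argument order as: set_permissions [-p <vhostpath>] <user> <conf> <write> <read>."""
    return {"configure": conf, "write": write, "read": read}

def allowed(perms, op, queue=None, exchange=None):
    """True if every permission that `op` needs matches the resource name.

    Assumption of this model: a pattern is applied as an unanchored search,
    so a pattern without ^ and $ matches any name that merely contains it.
    """
    names = {"queue": queue, "exchange": exchange}
    return all(re.search(perms[p], names[kind]) for p, kind in REQUIRED[op])

def audit(perms, ops):
    """Return the subset of (op, queue, exchange) tuples that the grant allows."""
    return [o for o in ops if allowed(perms, o[0], queue=o[1], exchange=o[2])]

# Constructed grants (names are hypothetical; only the '.*' grant appears in the article).
ADMIN    = grant(".*", ".*", ".*")
PROJ     = grant(r"^proj\.", r"^proj\.", r"^proj\.")
CONSUMER = grant("^$", "^$", r"^proj\.orders$")
LOOSE    = grant("^$", "^$", "proj")          # read pattern is missing its anchors

if __name__ == "__main__":
    ops = [("basic.consume", "proj.orders", None),
           ("queue.purge", "billing-proj-archive", None),
           ("queue.declare", "proj.orders", None),
           ("queue.bind", "proj.orders", "proj.events"),
           ("basic.publish", None, "billing.events")]
    for name, g in [("ADMIN", ADMIN), ("PROJ", PROJ), ("CONSUMER", CONSUMER), ("LOOSE", LOOSE)]:
        print(name, [o[0] for o in audit(g, ops)])
```

In this model the LOOSE grant can purge billing-proj-archive because its read pattern only has to occur somewhere in the queue name, while the anchored PROJ and CONSUMER grants stay inside the proj. namespace.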
Grant permissions to a user:
- $ sudo rabbitmqctl set_permissions -p /vhost1 user_admin '.*' '.*' '.*'
This command gives user_admin the configure, write, and read permissions on all resources in the virtual host /vhost1, so that it can manage the resources in it.
View permissions:
$ sudo rabbitmqctl list_user_permissions user_admin
Listing permissions for user "user_admin" ...
/vhost1 .* .* .*
$ sudo rabbitmqctl list_permissions -p /vhost1
Listing permissions in vhost "/vhost1" ...
user_admin .* .* .*