RABBITMQ user Roles and permissions control-2

1.RabbitMQ User Role Categories:

None, management, policymaker, monitoring, administrator

• None Cannot access management plugin
• Management users can do anything out of AMQP
• List the virtual hosts that you can log into via AMQP
  
• View queues, exchanges and bindings in your virtual hosts
• View and close your own channels and connections
• View statistics about the "global" of your own virtual hosts, including the activities of other users in these virtual hosts.
• Anything that policymaker management can do plus:
  • View, create, and delete your own virtual hosts policies and parameter

• Anything that monitoring management can do plus:
  • List all virtual hosts, including virtual hosts that they cannot log in to
    
  • View connections and channels for other users
  • View node-level data such as clustering and memory usage
  • View real global statistics about all virtual hosts

• Anything that administrator policymaker and monitoring can do plus:
  
  • Create and delete virtual hosts
  • View, create, and delete users
  • View Create and Delete permissions
  • Close other users ' connections

2. User Management

• Add a user

  • ./rabbitmqctl Add_user Peter 123456

• Give administrator a role

• Delete a user

  • Rabbitmqctl  Delete_user Peter

• Modify User Password

  • /rabbitmqctl Change_password Peter 131415

• View the current user list

  • ./rabbitmqctl  List_users

• Create a RABBITMQ monitoring user, responsible for the entire MQ monitoring

  • ./rabbitmqctl Add_user Lp_momitor 123456

• Give its monitoring role:

  • ./rabbitmqctl set_user_tags Lp_momitor Monitoring

• List the current user
  • ./rabbitmqctl List_users

    Listing users ... guest    [Administrator]lp_momitor    [Monitoring]peter    [Administrator]

3. RabbitMQ Permissions Control:

Default virtual Host: "/"
Default User: Guest
Guest has full privileges on "/" and only localhost access rabbitmq including plugin, it is recommended to remove or change the password. Restrictions on local access can be canceled by Loopback_users hole in the configuration file:
[{rabbit, [{loopback_users, []}]}]

Users can only manipulate resources in the virtual hosts that they can access. The resources here refer to the exchanges, queues, etc. in virtual hosts, and the operations include configuring, writing, and reading the resources. Configure permissions to create, delete, resource, and modify the behavior of a resource, write permission to send a message to a resource, read permission to get a message from a resource. Like what:
Declare and delete for Exchange and queue require configuration permissions on Exchange and queue, respectively
Exchange Read and Write permissions are required for bind and unbind
Queue bind with Unbind requires queue Write permission for Exchange Read permissions
Send message (publish) requires write permission for Exchange
Get or clear (get, consume, purge) messages require the Read permission of the queue

• This command enables the user to user_admin the configuration, write, and read permissions of all resources in this virtual host to manage the resources in the/vhost1

./rabbitmqctl  ' . * '. * '. * '

• To view permissions:

./rabbitmqctl list_user_permissions Lp_momitor

　　

Vhost can be created through RABBITMQ's background management

RABBITMQ user Roles and permissions control-2