RabbitMQ user role categories:
none, management, policymaker, monitoring, administrator
Description of the RabbitMQ roles:
none
Cannot access the management plugin
management
Anything a user can do with AMQP plus:
List the virtual hosts that you can log into via AMQP
View queues, exchanges and bindings in your virtual hosts
View and close your own channels and connections
View "global" statistics for your own virtual hosts, including the activity of other users in those virtual hosts
policymaker
Anything that management can do plus:
View, create, and delete policies and parameters for your own virtual hosts
monitoring
Anything that management can do plus:
List all virtual hosts, including virtual hosts that they cannot log in to
View connections and channels for other users
View node-level data such as clustering and memory usage
View real global statistics about all virtual hosts
administrator
Anything that policymaker and monitoring can do plus:
Create and delete virtual hosts
View, create, and delete users
View, create, and delete permissions
Close other users' connections
To create a user and assign a role:
You can create an administrator user who is responsible for operating the entire MQ, for example:
$ sudo rabbitmqctl add_user user_admin passwd_admin
Give it the administrator role (tag names are lowercase):
$ sudo rabbitmqctl set_user_tags user_admin administrator
You can create a RabbitMQ monitoring user that is responsible for monitoring the entire MQ, for example:
$ sudo rabbitmqctl add_user user_monitoring passwd_monitor
Give it the monitoring role:
$ sudo rabbitmqctl set_user_tags user_monitoring monitoring
You can create a dedicated user for a project that can access only the project's own virtual hosts:
$ sudo rabbitmqctl add_user user_proj passwd_proj
Give it the management role:
$ sudo rabbitmqctl set_user_tags user_proj management
After creating the users and assigning roles, review and confirm:
$ sudo rabbitmqctl list_users
########################
#RabbitMQ permission control:
########################
Default virtual host: "/"
Default user: guest
The guest user has all permissions on "/" and can only access RabbitMQ (including the management plugin) from localhost. It is recommended to delete this user or change its password. The localhost-only restriction can be lifted by emptying loopback_users in the configuration file:
[{rabbit, [{loopback_users, []}]}].
Users can only operate on resources in the virtual hosts they can access. The resources here are the exchanges, queues, etc. in a virtual host, and the operations are configure, write, and read. Configure permission allows creating and deleting resources and modifying their behavior; write permission allows sending messages to a resource; read permission allows getting messages from a resource. For example:
Declaring and deleting an exchange or a queue requires configure permission on that exchange or queue
Exchange bind and unbind require read and write permissions on the exchange
Queue bind and unbind require write permission on the queue and read permission on the exchange
Sending a message (publish) requires write permission on the exchange
Getting or clearing messages (get, consume, purge) requires read permission on the queue
Which resources a user has configure, write, and read permissions on is determined by regular expressions, set with the following command:
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
where <conf>, <write>, and <read> are each a regular expression matched against resource names; for example, '^(amq\.gen.*|amq\.default)$' matches server-generated and default exchanges, and '^$' does not match any resources.
It is important to note that RabbitMQ caches the permission check results per connection or channel, so a reconnect is required for permission changes to take effect.
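The following is an added example, not part of the original article or of RabbitMQ itself: a small Python model of the permission rules listed above, useful for checking a set of <conf> <write> <read> patterns against resource names before applying them with set_permissions. It assumes the patterns are applied as unanchored searches (which is why the examples above use ^ and $) and that Python's re behaves like the broker's regex engine for simple patterns; the names LOOSE, STRICT, FOREIGN and the proj.* resource names are constructed for illustration.

```python
import re

# Permission needed per operation, as (permission, resource kind) pairs,
# taken from the list in the article.
REQUIRED = {
    "exchange.declare": [("configure", "exchange")],
    "exchange.delete":  [("configure", "exchange")],
    "queue.declare":    [("configure", "queue")],
    "queue.delete":     [("configure", "queue")],
    "queue.bind":       [("write", "queue"), ("read", "exchange")],
    "queue.unbind":     [("write", "queue"), ("read", "exchange")],
    "basic.publish":    [("write", "exchange")],
    "basic.get":        [("read", "queue")],
    "basic.consume":    [("read", "queue")],
    "queue.purge":      [("read", "queue")],
}

def matches(pattern, name):
    # Assumption: unanchored search; an empty pattern is treated as '^$'.
    return re.search(pattern or "^$", name) is not None

def allowed(perms, op, **names):
    """True if every permission the operation needs matches the resource name.
    names carries queue=... and/or exchange=... as the operation requires."""
    return all(matches(perms[p], names[kind]) for p, kind in REQUIRED[op])

def overreach(perms, foreign_names):
    """Per permission, the names outside the project that its pattern matches."""
    return {p: [n for n in foreign_names if matches(rx, n)]
            for p, rx in perms.items()}

# Constructed sample data: two candidate permission sets for user_proj.
LOOSE = {"configure": "proj", "write": "proj", "read": "proj"}
STRICT = {"configure": "^$", "write": r"^proj\.", "read": r"^proj\."}
# Resources that belong to other projects in the same virtual host.
FOREIGN = ["billing.proj-export", "other_proj.events"]

if __name__ == "__main__":
    for label, perms in (("loose", LOOSE), ("strict", STRICT)):
        print(label, "overreach:", overreach(perms, FOREIGN))
        print(label, "may declare proj.orders:",
              allowed(perms, "queue.declare", queue="proj.orders"))
        print(label, "may bind proj.orders to proj.events:",
              allowed(perms, "queue.bind", queue="proj.orders",
                      exchange="proj.events"))
```

With the unanchored pattern 'proj', the user can read and write resources of other projects whose names merely contain that string; the anchored patterns limit it to names starting with "proj.", and '^$' in the <conf> position prevents it from declaring or deleting anything.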
To grant permissions to a user:
$ sudo rabbitmqctl set_permissions -p /vhost1 user_admin '.*' '.*' '.*'
This command gives user_admin configure, write, and read permissions on all resources in the /vhost1 virtual host, so that it can manage the resources in /vhost1.
$ sudo rabbitmqctl list_user_permissions user_admin
Listing permissions for user "user_admin" ...
/vhost1	.*	.*	.*

$ sudo rabbitmqctl list_permissions -p /vhost1
Listing permissions in vhost "/vhost1" ...
user_admin	.*	.*	.*
RabbitMQ user roles and permissions control