RabbitMQ user role categories:
none, management, policymaker, monitoring, administrator
Description of each RabbitMQ role:
none
Cannot access the management plugin
management
Anything the user can do via AMQP, plus:
List the virtual hosts they can log in to via AMQP
View the queues, exchanges and bindings in their own virtual hosts
View and close their own channels and connections
See "global" statistics for their own virtual hosts, including other users' activity in these virtual hosts
policymaker
Anything management can do, plus:
View, create, and delete policies and parameters for their own virtual hosts
monitoring
Anything management can do, plus:
List all virtual hosts, including virtual hosts that they cannot log in to
View other users' connections and channels
View node-level data such as clustering and memory usage
See truly global statistics for all virtual hosts
administrator
Anything policymaker and monitoring can do, plus:
Create and delete virtual hosts
View, create, and delete users
View, create, and delete permissions
Close other users' connections
Create users and set roles:
You can create an administrator user responsible for operating and maintaining the entire MQ, for example:
$ sudo rabbitmqctl add_user user_admin passwd_admin
Grant it the administrator role:
$ sudo rabbitmqctl set_user_tags user_admin administrator
You can create a monitoring user responsible for monitoring the entire MQ, for example:
$ sudo rabbitmqctl add_user user_monitoring passwd_monitor
Grant it the monitoring role:
$ sudo rabbitmqctl set_user_tags user_monitoring monitoring
You can create a dedicated user for a project; that user can only access the project's own virtual hosts:
$ sudo rabbitmqctl add_user user_proj passwd_proj
Grant it the management role:
$ sudo rabbitmqctl set_user_tags user_proj management
After creating the users and assigning their roles, review and confirm:
$ sudo rabbitmqctl list_users
########################
#RabbitMQ Access control:
########################
Default virtual host: "/"
Default user: guest
guest has full privileges on "/", but can only access RabbitMQ, including the management plugin, from localhost. It is recommended to delete this user or change its password. The localhost restriction can be lifted by setting loopback_users to an empty list in the configuration file:
[{rabbit, [{loopback_users, []}]}].
Users can only operate on resources in the virtual hosts they have access to. Resources here means the exchanges, queues, etc. in a virtual host; operations on a resource are configure, write, and read. The configure permission allows creating, deleting, and modifying resources; the write permission allows sending messages to a resource; the read permission allows getting messages from a resource. For example:
Declaring and deleting an exchange or a queue requires the configure permission on that exchange or queue
Exchange bind and unbind require read and write permissions on the exchanges
Queue bind and unbind require write permission on the queue and read permission on the exchange
Publishing a message (publish) requires write permission on the exchange
Getting or clearing messages (get, consume, purge) requires read permission on the queue
Which resources the configure, write, and read permissions apply to is decided by matching regular expressions. The command is:
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
Here <conf>, <write> and <read> are regular expressions that are matched against resource names. For example, '^(amq\.gen.*|amq\.default)$' matches server-generated names and the default exchange, and '^$' does not match any resource.
Note that RabbitMQ caches the result of permission checks for each connection or channel, so after a permission change the client must reconnect for the change to take effect.
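The operation list and the regular-expression matching described above can be modelled in a few lines. This is an added example, not code from RabbitMQ or from the original page: the names REQUIRED, missing, CONSUMER and LOOSE and the queue/exchange names are constructed, and Python's re module stands in for the broker's own regex engine, with the assumption that patterns are searched without implicit anchoring.

```python
import re

# Permission(s) each operation needs, transcribed from the list above.
# (Exchange-to-exchange bind is left out: it involves two exchange names.)
REQUIRED = {
    "exchange.declare": [("exchange", "configure")],
    "exchange.delete":  [("exchange", "configure")],
    "queue.declare":    [("queue", "configure")],
    "queue.delete":     [("queue", "configure")],
    "queue.bind":       [("queue", "write"), ("exchange", "read")],
    "queue.unbind":     [("queue", "write"), ("exchange", "read")],
    "basic.publish":    [("exchange", "write")],
    "basic.get":        [("queue", "read")],
    "basic.consume":    [("queue", "read")],
    "queue.purge":      [("queue", "read")],
}

def missing(perms, op, names):
    """Return the (permission, kind, name) checks that fail; [] means allowed.

    perms: {"configure": regex, "write": regex, "read": regex}, the three
    arguments given to set_permissions. names: resource names for this
    operation, e.g. {"queue": "proj.orders", "exchange": "proj.events"}.
    Assumption: an empty pattern behaves like '^$' (matches no named resource).
    """
    failed = []
    for kind, perm in REQUIRED[op]:
        pattern = perms[perm] or "^$"
        if re.search(pattern, names[kind]) is None:
            failed.append((perm, kind, names[kind]))
    return failed

# Constructed grants: a consume-only project user, anchored vs. unanchored.
CONSUMER = {"configure": "^$", "write": "^$", "read": r"^proj\."}
LOOSE = {"configure": "^$", "write": "^$", "read": "proj"}

if __name__ == "__main__":
    both = {"queue": "proj.orders", "exchange": "proj.events"}
    cases = [
        (CONSUMER, "basic.consume", both),
        (CONSUMER, "basic.publish", both),
        (CONSUMER, "queue.bind", both),
        (CONSUMER, "basic.get", {"queue": "other-proj-secrets"}),
        (LOOSE, "basic.get", {"queue": "other-proj-secrets"}),  # over-broad
    ]
    for perms, op, names in cases:
        print(op, names, "->", missing(perms, op, names) or "allowed")
```

The last case shows why the patterns on this page are written with ^ and $: the unanchored 'proj' also grants read on a queue that merely contains that string.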
Granting permissions to a user:
$ sudo rabbitmqctl set_permissions -p /vhost1 user_admin '.*' '.*' '.*'
This command gives user_admin configure, write, and read permissions on all resources in the virtual host /vhost1, so it can manage all of that virtual host's resources.
View permissions:
$ sudo rabbitmqctl list_user_permissions user_admin
Listing permissions for user "user_admin" ...
/vhost1 .* .* .*
$ sudo rabbitmqctl list_permissions -p /vhost1
Listing permissions in vhost "/vhost1" ...
user_admin .* .* .*