
  • File order - first match top to bottom.
  • Group lists may be extended to the following line by terminating the line with the '\' character.
  • Permission rules are limited to a single line.
  • Rules are interpreted from the top of the file down until the name match is obtained; at which point processing stops.
  • The last line of the file (whether present or not) will be "acl deny".
  • Group names may contain only a-z, A-Z, 0-9, '-','_'.
  • A line starting with the character '#' will be considered a comment, and will be ignored.
  • Rules must be preceded by any group definitions they may use; any name not previously defined as a group will be assumed to be that of an individual.
Code Block
user-list = user1 user2 user3 ...
group-name-list = group1 group2 group3 ...

group <group-name> = [user-list] [group-name-list]

permission = [allow|allow-log|deny|deny-log]
action = [consume|publish|create|access|bind|unbind|delete|purge]
object = [queue|exchange|routingkey]
property = [temporary|durable|owner]

acl permission [<group-name|user-name>] [action] [object=<object-name>] [property = <property-value>]

Example file:

Code Block
# Some groups
group admin ted martin
group user-consume martin ted
group user2 kim user-consume rob

# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.#  owner=self
acl allow user-consume create queue=tmp.*
acl allow admin

acl allow bind owner=self
acl allow consume owner=self
acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue

acl allow consumer consume temporary=true
acl allow consumer create temporary=true
acl deny
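
The evaluation rules listed above (groups defined before use, '\' continuation, first match from the top, implicit final "acl deny") can be checked with a small evaluator. This is an added example, not the broker's own code; the function names, the constructed sample and the shell-style treatment of '*' in object names are assumptions.

```python
import fnmatch
import re

ACTIONS = {"consume", "publish", "create", "access", "bind", "unbind", "delete", "purge"}
OBJECTS = {"queue", "exchange", "routingkey"}

# Constructed sample, built from lines of the example file above.
SAMPLE = """\
group admin ted martin
group user-consume martin ted
group user2 kim user-consume \\
  rob
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow user-consume create queue=tmp.*
acl allow admin
"""

def parse_acl(text):
    """Return (groups, rules); rules keep their file order."""
    groups, rules = {}, []
    for line in text.replace("\\\n", " ").splitlines():  # '\' joins the next line
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "group":
            if not re.fullmatch(r"[A-Za-z0-9_-]+", tok[1]):
                raise ValueError("bad group name: " + tok[1])
            users = set()
            for m in tok[2:]:  # a name not yet defined as a group is an individual
                if m != "=":
                    users |= groups.get(m, {m})
            groups[tok[1]] = users
        elif tok[0] == "acl":
            rest = tok[2:]
            named = rest and rest[0] not in ACTIONS | OBJECTS and "=" not in rest[0]
            who = rest.pop(0) if named else None
            action = rest.pop(0) if rest and rest[0] in ACTIONS else None
            # Membership is resolved now, so a group defined later is not seen.
            rules.append((tok[1], groups.get(who, {who}) if who else None, action, rest))
    return groups, rules

def _cond(cond, attrs):
    key, _, pat = cond.partition("=")  # "queue" or "queue=tmp.*"
    return key in attrs and (not pat or fnmatch.fnmatchcase(attrs[key], pat))

def decide(rules, user, action, attrs):
    """First matching rule wins; no match means the implicit final 'acl deny'."""
    for perm, who, act, conds in rules:
        if (who is None or user in who) and act in (None, action) \
                and all(_cond(c, attrs) for c in conds):
            return perm
    return "deny"
```

Running decide() over a proposed file for each user/action pair of interest shows which rules are shadowed by an earlier, broader match before the file is deployed.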