ACL file format for brokers.

 Notes on file formats

  • File order matters: the first matching rule, reading top to bottom, is applied.
  • Group lists may be extended to the following line by terminating the line with the '\' character.
  • All permission rules are limited to a single line.
  • Rules are interpreted from the top of the file down until a name match is obtained, at which point processing stops.
  • The last line of the file (whether present or not) will be "acl deny".
  • Group names may contain only a-z, A-Z, 0-9, '-' and '_'.
  • A line starting with the character '#' will be considered a comment, and will be ignored.
  • Rules must be preceded by any group definitions they may use; any name not previously defined as a group will be assumed to be that of an individual.

user-list = user1 user2 user3 ...
group-name-list = group1 group2 group3 ...

group <group-name> = [user-list] [group-name-list]


permission = [allow|allow-log|deny|deny-log]
action = [consume|publish|create|access|bind|unbind|delete|purge]
object = [queue|exchange|routingkey]
property = [temporary|durable|owner]

acl permission [<group-name|user-name>] [action] [object=<object-name>] [property=<property-value>]

Example file:

# Some groups
group admin ted martin
group user-consume martin ted
group user2 kim user-consume rob

# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.#  owner=self
acl allow user-consume create queue=tmp.*
acl allow admin

acl allow bind owner=self
acl allow consume owner=self
acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue

acl allow consumer consume temporary=true
acl allow consumer create temporary=true
acl deny
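
The notes above (first match, '\' continuation, groups defined before use, implicit final "acl deny") can be checked with a small evaluator. This is an added example, not the broker's own code. The names parse_acl and decide, the request shape (user, action, attribute dict) and the glob comparison of values are assumptions, and group lines follow the form used in the example file.

```python
from fnmatch import fnmatchcase

ACTIONS = {"consume", "publish", "create", "access", "bind", "unbind", "delete", "purge"}

def parse_acl(text):
    """Return the rules in file order, with group names already resolved."""
    groups, rules = {}, []
    for line in text.replace("\\\n", " ").splitlines():  # join '\' continuations
        tok = line.split()
        if not tok or tok[0].startswith("#"):  # blank line or comment
            continue
        if tok[0] == "group":
            # Groups defined earlier are expanded; any other name is a user.
            groups[tok[1]] = set().union(*(groups.get(n, {n}) for n in tok[2:] if n != "="))
        elif tok[0] == "acl":
            rest = tok[2:]
            # Assumption: a leading token that is not an action keyword is a name.
            who = rest.pop(0) if rest and rest[0] not in ACTIONS and "=" not in rest[0] else None
            action = rest.pop(0) if rest and rest[0] in ACTIONS else None
            # Remaining tokens are key=value, or a bare object type (any name).
            conds = dict(t.split("=", 1) if "=" in t else (t, "*") for t in rest)
            # Resolved now: a group defined further down the file is not seen here.
            members = groups.get(who, {who}) if who else None
            rules.append((tok[1], members, action, conds))
    return rules

def decide(rules, user, action, attrs):
    """First matching rule wins; no match is the implicit final 'acl deny'."""
    for number, (perm, members, act, conds) in enumerate(rules, 1):
        # Assumption: values are compared as shell-style globs.
        who_ok = members is None or user in members
        if who_ok and act in (None, action) and all(
                k in attrs and fnmatchcase(attrs[k], v) for k, v in conds.items()):
            return perm, number
    return "deny", None

# Constructed sample, not taken from the page.
SAMPLE = """\
group ops ted \\
          martin
group staff kim ops
acl deny-log kim create queue
acl allow staff create queue=tmp.*
acl allow auditors access
group auditors rob
"""

if __name__ == "__main__":
    print([decide(parse_acl(SAMPLE), u, "create", {"queue": "tmp.1"}) for u in ("kim", "martin")])
```

In the sample, kim is a member of staff but is stopped by the earlier deny-log rule, and rob gets the implicit deny because "group auditors" is defined after the rule that names it.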