[ https://issues.apache.org/jira/browse/QPID-7921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Rudyy updated QPID-7921:
-----------------------------
    Description: 
The broker users should be able to allow/deny individual management operations.
We need to improve existing rule based ACL controllers to allow specifying ACL 
rules for the managed operations. The proposed ACL rule syntax for the method 
invocations is below:
{noformat}
ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
{noformat}
where object_type is any of the below
* BROKER
* VIRTUALHOSTNODE
* VIRTUALHOST
* QUEUE
* EXCHANGE
* USER
* GROUP

We do not want to introduce new object types for other broker and virtual host 
children.
The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST 
accordingly.
We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward 
compatibility.

  was:
The broker users should be able to allow/deny individual management operations.
We need to improve existing rule based ACL controllers to allow specifying ACL 
rules for the managed operations. The proposed ACL rule syntax for the method 
invocations is below:
{noformat}
ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
{noformat}
where object_type is any of the below
* BROKER
* VIRTUALHOSTNODE
* VIRTUALHOST
* QUEUE
* EXCHANGE
* USER
* GROUP
We do not want to introduce new object types for other broker and virtual host 
children.
The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST 
accordingly.
We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward 
compatibility.


> [Java Broker] [ACL] Tactical improvements to ACL to allow managed operation 
> invocations to be controlled
> --------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7921
>                 URL: https://issues.apache.org/jira/browse/QPID-7921
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Alex Rudyy
>
> The broker users should be able to allow/deny individual management 
> operations.
> We need to improve existing rule based ACL controllers to allow specifying 
> ACL rules for the managed operations. The proposed ACL rule syntax for the 
> method invocations is below:
> {noformat}
> ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
> {noformat}
> where object_type is any of the below
> * BROKER
> * VIRTUALHOSTNODE
> * VIRTUALHOST
> * QUEUE
> * EXCHANGE
> * USER
> * GROUP
> We do not want to introduce new object types for other broker and virtual 
> host children.
> The ACL rule for them can be expressed using object type BROKER or 
> VIRTUALHOST accordingly.
> We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward 
> compatibility.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
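
An added example, not part of the issue text and not Qpid's own code: a strict parser for the proposed INVOKE rule line, plus a check for rules that can never take effect. First-match-wins evaluation and the default DENY outcome are assumptions made for this sketch, and the principals and operation names in the sample are constructed.

```python
import re
from typing import NamedTuple

# Object types listed in the issue description.
OBJECT_TYPES = {"BROKER", "VIRTUALHOSTNODE", "VIRTUALHOST", "QUEUE",
                "EXCHANGE", "USER", "GROUP"}
RULE_RE = re.compile(
    r'^ACL\s+(ALLOW|DENY)\s+(\S+)\s+INVOKE\s+(\S+)\s+operation_name="([^"]+)"$')

class Rule(NamedTuple):
    outcome: str
    principal: str
    object_type: str
    operation: str

def parse_rule(line: str) -> Rule:
    """Parse one INVOKE rule; reject anything outside the proposed syntax."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a valid INVOKE rule: {line!r}")
    outcome, principal, object_type, operation = m.groups()
    if object_type not in OBJECT_TYPES:
        raise ValueError(f"unsupported object type: {object_type}")
    return Rule(outcome, principal, object_type, operation)

def check(rules, principal, object_type, operation, default="DENY"):
    """Assumption: the first matching rule wins; no match yields `default`."""
    for r in rules:
        if r[1:] == (principal, object_type, operation):
            return r.outcome
    return default

def shadowed(rules):
    """Rules that never fire because an earlier rule matches the same request."""
    seen, dead = set(), []
    for r in rules:
        key = r[1:]  # (principal, object_type, operation)
        if key in seen:
            dead.append(r)
        seen.add(key)
    return dead

# Constructed sample rule set; the second rule is dead under first-match.
SAMPLE = [parse_rule(line) for line in (
    'ACL ALLOW operator INVOKE QUEUE operation_name="clearQueue"',
    'ACL DENY operator INVOKE QUEUE operation_name="clearQueue"',
    'ACL DENY guest INVOKE BROKER operation_name="myOperation"',
)]
```

Running `shadowed` over a rule file before deployment surfaces a DENY that an earlier ALLOW silently overrides.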
