[
https://issues.apache.org/jira/browse/QPID-8163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-8163:
-----------------------------
Description:
[http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html]
The Broker-J's access-control-plugin currently has no way to express rules that
apply to subject that owns an object. For instance, it is impossible to say
that only a user can consume from any queue that he created.
If the ACL system supported a pseudo subject {{OWNER}} (in additional to the
pseudo subject {{ALL}} it already supports), then it would be possible to write
such rules.
{noformat}
ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat}
It is noted that currently the model does not a have notion of object ownership
(QPID-8162). It does have an immutable {{createdBy}} attribute. The first
version of this feature will use {{createdBy}}.
was:
[http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html]
The Broker-J's access-control-plugin currently has no way to express rules that
apply to subject that owns an object. For instance, it is impossible to say,
only the user who owns a queue can consume from it.
If the ACL system supported a pseudo subject {{OWNER}} (in additional to the
pseudo subject {{ALL}} it already supports), then it would be possible to write
such rules.
{noformat}
ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat}
It is noted that currently the model does not a have notion of object ownership
(QPID-8162). It does have an immutable {{createdBy}} attribute. The first
version of this feature will use {{createdBy}}.
> [Broker-J] [ACL] Owner ACL rules
> --------------------------------
>
> Key: QPID-8163
> URL: https://issues.apache.org/jira/browse/QPID-8163
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Keith Wall
> Priority: Minor
>
> [http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html]
> The Broker-J's access-control-plugin currently has no way to express rules
> that apply to subject that owns an object. For instance, it is impossible to
> say that only a user can consume from any queue that he created.
> If the ACL system supported a pseudo subject {{OWNER}} (in additional to the
> pseudo subject {{ALL}} it already supports), then it would be possible to
> write such rules.
> {noformat}
> ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat}
> It is noted that currently the model does not a have notion of object
> ownership (QPID-8162). It does have an immutable {{createdBy}} attribute.
> The first version of this feature will use {{createdBy}}.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
