[ https://issues.apache.org/jira/browse/QPID-8163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall updated QPID-8163: ----------------------------- Description: [http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html] The Broker-J's access-control-plugin currently has no way to express rules that apply to subject that owns an object. For instance, it is impossible to say that only a user can consume from any queue that he created. If the ACL system supported a pseudo subject {{OWNER}} (in additional to the pseudo subject {{ALL}} it already supports), then it would be possible to write such rules. {noformat} ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat} It is noted that currently the model does not a have notion of object ownership (QPID-8162). It does have an immutable {{createdBy}} attribute. The first version of this feature will use {{createdBy}}. was: [http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html] The Broker-J's access-control-plugin currently has no way to express rules that apply to subject that owns an object. For instance, it is impossible to say that only a user can consume from any queue that he created. If the ACL system supported a pseudo subject {{OWNER}} (in additional to the pseudo subject {{ALL}} it already supports), then it would be possible to write such rules. {noformat} ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat} It is noted that currently the model does not a have notion of object ownership (QPID-8162). It does have an immutable {{createdBy}} attribute. The first version of this feature will use {{createdBy}}. > [Broker-J] [ACL] Owner ACL rules > -------------------------------- > > Key: QPID-8163 > URL: https://issues.apache.org/jira/browse/QPID-8163 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Reporter: Keith Wall > Priority: Minor > > [http://qpid.2158936.n2.nabble.com/Java-Broker-Temporary-queues-ACLs-for-multiple-users-td7674630.html] > The Broker-J's access-control-plugin currently has no way to express rules > that apply to subject that owns an object. For instance, it is impossible to > say that only a user can consume from any queue that he created. > If the ACL system supported a pseudo subject {{OWNER}} (in additional to the > pseudo subject {{ALL}} it already supports), then it would be possible to > write such rules. > {noformat} > ACL ALLOW-LOG OWNER CONSUME QUEUE{noformat} > It is noted that currently the model does not a have notion of object > ownership (QPID-8162). It does have an immutable {{createdBy}} attribute. > The first version of this feature will use {{createdBy}}. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org