After a client is successfully authenticated by the message broker, it needs to perform some activities in some virtual hosts. In the earlier chapters, we saw that permissions are defined per vhost and live either internally in the message broker or externally. The RabbitMQ LDAP backend plugin that we saw earlier provides you with an ability to store permissions in an LDAP server. The following types of permissions are configured in the message broker:
configure: This allows a resource to be created, modified, or deleted
write: This allows a resource to be written to
read: This allows a resource to be read from
We already discussed how to manage permissions using the rabbitmqctl
utility and the HTTP API. The following commands can be used from the utility to manage permissions:
set_permissions
: This sets permissions per user per vhostclear_permissions
: This clears permissions per user per vhostlist_permissions
: This lists the users that are granted access to a particular vhost...