activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Basmajian, Raffi" <rbasmaj...@ofiglobal.com>
Subject Securing queues/topics with custom ACLs
Date Tue, 06 Oct 2015 16:54:42 GMT
Is it possible to achieve fine-grained access control over destinations to do something like
this...



Destination           LDAP Group     Operations Allowed

=======================================================

trading.orders          group1         receive

trading.orders          group4         browse

products.alerts         group2         send

marketing.campaign.*    group3         send,receive

metrics.sink.*          everyone       send

audit.events            everyone       none





Based on the LDAP module documentation, READ, WRITE, and ADMIN are the only supported operations
for restricting access to destinations, but these are too limiting for our needs. Can we achieve
fine-grained access as depicted above, or does this require a custom LDAP module?



Raffi

This e-mail transmission may contain information that is proprietary, privileged and/or confidential
and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention
or disclosure by any person other than the intended recipient or the intended recipient's
designees is strictly prohibited. If you are not the intended recipient or their designee,
please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds
may, at its sole discretion, monitor, review, retain and/or disclose the content of all email
communications.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message