Is it possible to grant permission to a user to view only one queue?I tried with "grant admin myuser view-destination".But then, the user "myuser" can view ALL destinations, NOT just the one destination that I want.
Article ID: KB0088846
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
This can be done. You need to grant destination-level permission (view) to the user instead.
grant queue <queue_name> user=<user> <permissions>
For example,
grant queue queue.sample user=myuser view
tcp://localhost:7222> grant queue queue.sample user= myuser view
Permissions have been changed
tcp://localhost:7222> showacl queue queue.sample
Principal Permissions for queue 'queue.sample'
User=emsuser view
The following entry will be added in acl.conf file.
QUEUE=queue.sample USER= myuser PERM=view
Destination-level permissions include
View, create, delete, modify, purge
View - View information for this destination.
Create - Create the specified destination. This permission is useful when used with wildcard destination names. This allows the user to create any destination that matches the specified parent.
Delete - Delete this destination.
Modify - Change the properties for this destination.
Purge - Either purge this queue, if the destination is a queue, or purge the durable subscribers, if the destination is a topic with durable subscriptions.
For more information, please refer to Chapter 8 “Authentication and Permission” of the TIBCO EMS User’s Guide.
This can be done. You need to grant destination-level permission (view) to the user instead.
grant queue <queue_name> user=<user> <permissions>
For example,
grant queue queue.sample user=myuser view
tcp://localhost:7222> grant queue queue.sample user= myuser view
Permissions have been changed
tcp://localhost:7222> showacl queue queue.sample
Principal Permissions for queue 'queue.sample'
User=emsuser view
The following entry will be added in acl.conf file.
QUEUE=queue.sample USER= myuser PERM=view
Destination-level permissions include
View, create, delete, modify, purge
View - View information for this destination.
Create - Create the specified destination. This permission is useful when used with wildcard destination names. This allows the user to create any destination that matches the specified parent.
Delete - Delete this destination.
Modify - Change the properties for this destination.
Purge - Either purge this queue, if the destination is a queue, or purge the durable subscribers, if the destination is a topic with durable subscriptions.
For more information, please refer to Chapter 8 “Authentication and Permission” of the TIBCO EMS User’s Guide.
Issue/Introduction
Is it possible to grant permission to a user to view only one queue?I tried with "grant admin myuser view-destination".But then, the user "myuser" can view ALL destinations, NOT just the one destination that I want.
Feedback
Yes
No
Powered by
