Article ID: KB0086154
Description:
This article describes how to define a group of users who have only the “create a queue”, “publish into a queue” and “subscribe from queue” permissions when authorization is enabled in the EMS server.
Assume two parent queues named “developers.>” and “testers.>”. The group “developers” contains members such as “dev1” and “dev2”. The group “testers” contains members like “tester1” and “tester2”. The members of the developers group should have create, send and receive permissions on all child queues of the queue developers.>, and the members of the testers group should have create, send and receive permissions on all child queues of the queue testers.>.
Environment:
TIBCO Enterprise Message Service (All Versions)
Resolution:
The following is a list of commands that can be used to achieve the requirement.
1. Connect to the EMS server using the tibemsadmin tool with the default admin account.
2. Use the command: set server authorization=enabled
3. Mark all queues secure, especially if a queue called “>” exists.
4. Use the command: create group developers
5. Use the command: create group testers
6. Use the command: create user dev1 password=dev1
7. Use the command: create user dev2 password=dev2
8. Use the command: create user tester1 password=tester1
9. Use the command: create user tester2 password=tester2
10. Use the command: add member developers dev1,dev2
11. Use the command: add member testers tester1,tester2
12. Use the command: create queue developers.>
13. Use the command: create queue testers.>
14. Use the command: addprop queue developers.> secure
15. Use the command: addprop queue testers.> secure
16. Use the command: grant queue developers.> group=developers create,send,receive
17. Use the command: grant queue testers.> group=testers create,send,receive
Now any application that connects to the EMS server with the username and password of a member of the group “developers” can only create queues that are children of the queue developers.> and send to or receive from those queues. It cannot create any other queue, such as testers.1, and cannot send to or receive from any queue that is a child of testers.>.
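The same procedure as a repeatable script, added here as an example (not TIBCO's own code): a shell function that emits the tibemsadmin commands for any number of group-per-namespace pairs. The function names `emit_acl_script` and `gen_password` are hypothetical, each user gets a random initial password instead of one equal to the username, and step 3 (marking pre-existing queues such as “>” secure) is left to the operator.

```shell
#!/bin/sh
# Added example: generate a tibemsadmin command script that gives each group
# create/send/receive on its own "<group>.>" queue namespace and nothing else.
# Example run (server URL and file name are assumptions):
#   emit_acl_script "developers:dev1,dev2" "testers:tester1,tester2" > acl.scr
#   tibemsadmin -server tcp://localhost:7222 -user admin -script acl.scr
# acl.scr contains the initial passwords: restrict its permissions and delete
# it once the passwords have been handed over.

# 128-bit random password, hex encoded (assumes /dev/urandom is available).
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

emit_acl_script() {
    echo "set server authorization=enabled"
    for spec in "$@"; do
        group=${spec%%:*}
        members=${spec#*:}
        # Refuse names that could inject wildcards, spaces or extra commands.
        case "$group" in
            ""|*[!A-Za-z0-9_-]*) echo "invalid group in: $spec" >&2; return 1 ;;
        esac
        case "$members" in
            ""|*[!A-Za-z0-9_,-]*) echo "invalid members in: $spec" >&2; return 1 ;;
        esac
        echo "create group $group"
        old_ifs=$IFS; IFS=,
        for user in $members; do
            echo "create user $user password=$(gen_password)"
        done
        IFS=$old_ifs
        echo "add member $group $members"
        echo "create queue $group.>"
        # Without the secure property the server does not check permissions
        # on this queue, even with authorization enabled.
        echo "addprop queue $group.> secure"
        echo "grant queue $group.> group=$group create,send,receive"
        # Print the resulting ACL so the run log records what was granted.
        echo "showacl queue $group.>"
    done
}
```

Review the `showacl` output in the tibemsadmin run log to confirm that each namespace lists only its own group.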
Issue/Introduction
Defining user groups with queue privileges.