Bridges and user permissions.
Article ID: KB0089492
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
Description:
= = = = = = =
What permissions should users have on source and target destinations to send/receive messages in a bridge?
Environment:
= = = = = = =
ALL
Resolution:
= = = = = =
When the secure property is enabled on a destination, it instructs the EMS server to check user permissions every time a user attempts to perform an operation on that destination. So the user which connects to the EMS server should have appropriate privileges set in the acl.conf to perform various operations on a destination, otherwise those operations will not be permitted.
Assumption:
- The destinations dst1 and dst2 are set with secure properties.
- The destination dest1 (source) is bridged to anther destination dest2.
- The user “user1” has permission to send messages on dest1, not on dest2.
- The user “user1” has permission to receive message from dest2, not on dest1.
Case 1). If user1 tries to publish a message to dest1, the operation will succeed and the message will be bridged to dest2. Even though user1 does not have permission to send on dest2 because the EMS server internally bridges the message sent by the user1 on dst1 to dest2. user1 can not directly publish onto the destination dst2 as it does not have permission for the send operation.
Case 2). If user1 tries to subscribe to receive messages from dst1, it won’t be permitted. It can however successfully subscribe to dst2 .
Users should have the appropriate privileges for the operations on destinations where the user sends/subscribes directly.
Description:
= = = = = = =
What permissions should users have on source and target destinations to send/receive messages in a bridge?
Environment:
= = = = = = =
ALL
Resolution:
= = = = = =
When the secure property is enabled on a destination, it instructs the EMS server to check user permissions every time a user attempts to perform an operation on that destination. So the user which connects to the EMS server should have appropriate privileges set in the acl.conf to perform various operations on a destination, otherwise those operations will not be permitted.
Assumption:
- The destinations dst1 and dst2 are set with secure properties.
- The destination dest1 (source) is bridged to anther destination dest2.
- The user “user1” has permission to send messages on dest1, not on dest2.
- The user “user1” has permission to receive message from dest2, not on dest1.
Case 1). If user1 tries to publish a message to dest1, the operation will succeed and the message will be bridged to dest2. Even though user1 does not have permission to send on dest2 because the EMS server internally bridges the message sent by the user1 on dst1 to dest2. user1 can not directly publish onto the destination dst2 as it does not have permission for the send operation.
Case 2). If user1 tries to subscribe to receive messages from dst1, it won’t be permitted. It can however successfully subscribe to dst2 .
Users should have the appropriate privileges for the operations on destinations where the user sends/subscribes directly.
Issue/Introduction
Bridges and user permissions.
Feedback
Yes
No
Powered by
