RabbitMQ permission management

Permission roles for RabbitMQ

  1. none: cannot log in to the management console (when the management plugin is enabled); can only send and receive messages. This is the default role for ordinary producers and consumers.
  2. Ordinary manager (management): can log in to the management console (when the management plugin is enabled), but cannot see node information or manage policies.
    • Anything a user can do over AMQP plus:
    • List the virtual hosts to which they can log in via AMQP
    • View queues, exchanges and bindings in your virtual hosts
    • View and close your own channels and connections
    • View "global" statistics about your own virtual hosts, including other users' activity on those virtual hosts
  3. Policy maker (policymaker): can log in to the management console (when the management plugin is enabled) and can also manage policies.
    • Management permissions plus:
    • View, create and delete the policies and parameters of your own virtual hosts
  4. Monitor (monitoring): can log in to the management console (when the management plugin is enabled) and can also view information about the RabbitMQ node.
    • Management permissions plus:
    • List all virtual hosts, including virtual hosts they cannot log into
    • View connections and channels of other users
    • View node-level data such as clustering and memory usage
    • View real global statistics about all virtual hosts
  5. Super administrator (administrator): can log in to the management console (when the management plugin is enabled), view all information, and operate users and policies.
    • Policymaker and monitoring permissions plus:
    • Create and delete virtual hosts
    • View, create and delete users
    • View, create and delete permissions
    • Close other users' connections

User Management for RabbitMQ

  1. Create a user: rabbitmqctl add_user {user_name} {user_passwd}
# rabbitmqctl add_user yang 123456
Adding user "yang" ...
  2. View created users: rabbitmqctl list_users
# rabbitmqctl list_users
Listing users ...
user	tags
yang	[]
guest	[administrator]
  3. Set user roles: rabbitmqctl set_user_tags {user_name} {permissions}
# rabbitmqctl set_user_tags yang administrator
Setting tags for user "yang" to [administrator] ...
#
# rabbitmqctl list_users
Listing users ...
user	tags
yang	[administrator]
guest	[administrator]
  4. Change the password of a specified user: rabbitmqctl change_password {username} {newpassword}
# rabbitmqctl change_password yang 12345678
Changing password for user "yang" ...
  5. Clear the password of a specified user: rabbitmqctl clear_password {username}
# rabbitmqctl clear_password yang
Clearing password for user "yang" ...
  6. Delete a specified user: rabbitmqctl delete_user {username}
# rabbitmqctl delete_user yang
Deleting user "yang" ...
#
# rabbitmqctl list_users
Listing users ...
user	tags
guest	[administrator]

RabbitMQ permission control

After adding users as shown above, you can assign them permissions on the relevant vhosts.
Vhosts are to RabbitMQ what virtual machines are to physical servers. They provide logical separation between individual instances, so data for different applications can be kept secure and private. In RabbitMQ, permissions are divided into three parts: read, write, and configure.

  • read: any operation that consumes messages, including "clearing" the entire queue (this also requires the bind operation to succeed)
  • write: publishing a message (this also requires the bind operation to succeed)
  • configure: creation and deletion of queues and exchanges

Once you understand these RabbitMQ permission types, you can configure them according to your specific situation.

  1. Create a vhost: rabbitmqctl add_vhost {vhost}
     Because RabbitMQ permissions are separated by vhost, a vhost must be chosen before the related permissions can be set. The default vhost is "/".
# rabbitmqctl add_vhost tmp_vhost
Adding vhost "tmp_vhost" ...
  2. List all vhosts: rabbitmqctl list_vhosts {vhostinfoitem ...}
     {vhostinfoitem} names the vhost fields to display; results are shown in the order in which the fields are given. The fields are name and tracing (whether tracing is enabled for this vhost). If no field is specified, the name of the vhost is displayed.
# rabbitmqctl list_vhosts
Listing vhosts ...
name
/
tmp_vhost
#
# rabbitmqctl list_vhosts tracing
Listing vhosts ...
tracing
false
false
  3. Delete a vhost: rabbitmqctl delete_vhost {vhost}
     Deleting a vhost deletes all of its exchanges, queues, bindings, user permissions, parameters and policies.
# rabbitmqctl delete_vhost tmp_vhost
Deleting vhost "tmp_vhost" ...
#
# rabbitmqctl list_vhosts
Listing vhosts ...
name
/
  4. Set user permissions: rabbitmqctl set_permissions [-p vhost] {user} {conf} {write} {read}, where:
    • {vhost} is the name of the vhost the user is being granted access to; the default is "/";
    • {user} is the name of the user being authorized on that vhost;
    • {conf} is the user's configure permission, a regular expression matched against resource names;
    • {write} is the user's write permission, a regular expression matched against resource names;
    • {read} is the user's read permission, a regular expression matched against resource names.
# rabbitmqctl set_permissions -p / yang "^mip-.*" ".*" ".*"
Setting permissions for user "yang" in vhost "/" ...

The example above grants the user "yang" configure permission on all resources whose names start with "mip-", and write and read permission on all resources.

  5. List all users who have permission to access the specified vhost, along with their operation permissions on the resources in that vhost: rabbitmqctl list_permissions [-p vhost]. The default vhost is "/". Note that an empty string means no permissions.
# rabbitmqctl list_permissions -p /
Listing permissions for vhost "/" ...
user	configure	write	read
guest	.*	.*	.*
yang	^mip-.*	.*	.*
  6. Deny a user access to the specified vhost: rabbitmqctl clear_permissions [-p vhost] {username}. The default vhost is "/".
# rabbitmqctl clear_permissions -p / yang
Clearing permissions for user "yang" in vhost "/" ...
#
# rabbitmqctl list_permissions -p /
Listing permissions for vhost "/" ...
user	configure	write	read
guest	.*	.*	.*
  7. List the vhosts a specified user has permissions on, and the user's resource operation permissions on each vhost: rabbitmqctl list_user_permissions {username}
# rabbitmqctl list_user_permissions guest
Listing permissions for user "guest" ...
vhost	configure	write	read
/	.*	.*	.*
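
An added example (not from the original post): a shell audit of rabbitmqctl list_permissions output that reports every match-everything ".*" grant and shows which users a permission pattern admits for a given resource name. The sample listing, the user "app" and the queue names are constructed for illustration, and grep -E is assumed as a stand-in for the broker's regex matching.

```shell
#!/bin/sh
# Added example: audit `rabbitmqctl list_permissions` output for broad grants.
# SAMPLE is constructed (tab-separated, same layout as the listings above);
# the user "app" and all queue names are hypothetical.
TAB=$(printf '\t')
SAMPLE=$(printf '%s\n' \
  'Listing permissions for vhost "/" ...' \
  "user${TAB}configure${TAB}write${TAB}read" \
  "guest${TAB}.*${TAB}.*${TAB}.*" \
  "yang${TAB}^mip-.*${TAB}.*${TAB}.*" \
  "app${TAB}${TAB}^mip-orders\$${TAB}^mip-orders\$")

# perm_allows PATTERN RESOURCE: succeed if PATTERN grants RESOURCE.
# An empty pattern means no permission. Assumption: grep -E stands in for the
# broker's regex matching. grep searches anywhere in the name, so a pattern
# meant as a prefix needs the leading ^ used in "^mip-.*".
perm_allows() {
  [ -n "$1" ] || return 1
  printf '%s\n' "$2" | grep -Eq -- "$1"
}

# broad_grants: print "user:column" for each match-everything ".*" pattern.
broad_grants() {
  awk -F'\t' 'NF == 4 && $1 != "user" {
    if ($2 == ".*") print $1 ":configure"
    if ($3 == ".*") print $1 ":write"
    if ($4 == ".*") print $1 ":read"
  }'
}

# who_can COLUMN RESOURCE: users whose pattern in COLUMN
# (2=configure, 3=write, 4=read) matches RESOURCE. Reads the listing on stdin.
who_can() {
  col=$1; res=$2
  while IFS= read -r line; do
    case $line in
      user"$TAB"*) continue ;;   # header row
      *"$TAB"*) ;;               # data row
      *) continue ;;             # banner line
    esac
    user=$(printf '%s\n' "$line" | cut -f1)
    pat=$(printf '%s\n' "$line" | cut -f"$col")
    if perm_allows "$pat" "$res"; then printf '%s\n' "$user"; fi
  done
  return 0
}

printf '%s\n' "$SAMPLE" | broad_grants
printf 'configure mip-orders: %s\n' "$(printf '%s\n' "$SAMPLE" | who_can 2 mip-orders | tr '\n' ' ')"
```

On a live broker, pipe the real listing in place of SAMPLE, for example rabbitmqctl list_permissions -p / | broad_grants.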

Origin blog.csdn.net/zyy247796143/article/details/127578199