8.3.6. ACL Syntax

ACL rules must be on a single line and follow this syntax:

acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all"] [property=<property-value>]

acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all"] [property=<property-value>]

Copy to Clipboard

Toggle word wrap

In ACL files, the following syntactic conventions apply:

The default (anonymous) exchange is identified using name=amq.default.
A line starting with the # character is considered a comment and is ignored.
Empty lines and lines that contain only whitespace are ignored
All tokens are case sensitive. name1 is not the same as Name1 and create is not the same as CREATE
Group lists can be extended to the following line by terminating the line with the \ character
Additional whitespace - that is, where there is more than one whitespace character - between and after tokens is ignored. Group and ACL definitions must start with either group or acl and with no preceding whitespace.
All ACL rules are limited to a single line
Rules are interpreted from the top of the file down until the name match is obtained; at which point processing stops.
The keyword all matches all individuals, groups and actions
The last line of the file - whether present or not - will be assumed to be acl deny all all. If present in the file, all lines below it are ignored.
Names and group names may contain only a-z, A-Z, 0-9, - and _
Rules must be preceded by any group definitions they can use. Any name not defined as a group will be assumed to be that of an individual.
Qpid fails to start if ACL file is not valid
ACL rules can be reloaded at runtime by calling a QMF method

See Also:

Nach oben