[jira] Commented: (QPID-2539) Update ACL file syntax to be clearer and add extra operations

Tue, 11 May 2010 07:58:19 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-2539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866170#action_12866170
 ] 

Andrew Kennedy commented on QPID-2539:
--------------------------------------

RA: We need to have a mechanism to allow reloading of config files. This may 
include the ACL file, security config, log config etc..
       However I am wondering how much of config is going to overlap with QMF.
       For example the C++ broker is using QMF to reload the ACL file.
       So reloading of the ACL file is actually protected under the "METHOD" 
object.
 
      As I mentioned before, METHOD can cover both QMF and JMX. However I 
really dislike the name :)
      Perhaps we can have a meaningful name here. Maybe ADMIN (or MGT) instead 
of METHOD ?

LOG allows changing the log4j levels and USER grants the ability to add/delete 
users.

RA: Instead of using a separate top level object can we not have this under the 
purview of the MGT or ADMIN (previously METHOD) object and the properties to 
define the file name, log level etc..
       But I am also not really opposed to having a top level LOG object either.
       I'd be interested to hear opinions from a wider audience as well. 

ADK:
FYI, there is no ACL object, that may have been a typo.

I don't have any preference between ADMIN or MANGE, but I prefer both of those 
to METHOD. Also, to me this is an operation and the object types I suggested 
would then allow ACL lines like this:

    ACL ALLOW admin ADMIN BROKER # allow JMX/QMF access to read-only management 
attributes on the broker
    ACL ALLOW admin ADMIN CONFIG # allow JMX/QMF administration of 
configuration file reloading
    ACL ALLOW admin ADMIN LOG # allow JMX/QMF log level administration
    ACL ALLOW admin ADMIN USER # allow JMX/QMF user administration



> Update ACL file syntax to be clearer and add extra operations
> -------------------------------------------------------------
>
>                 Key: QPID-2539
>                 URL: https://issues.apache.org/jira/browse/QPID-2539
>             Project: Qpid
>          Issue Type: Sub-task
>          Components: Java Broker
>            Reporter: Andrew Kennedy
>             Fix For: 0.7
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org

Reply via email to