Sun Java System Message Queue 3.7 UR1 Administration Guide

Access Control for Auto-Created Physical Destinations

The final section of the ACL properties file includes access rules that specify for which users and groups the broker will auto-create a physical destination.

When a user creates a producer or consumer at a physical destination that does not already exist, the broker will create the destination if the broker’s auto-create property has been enabled.

By default, any user or group has the privilege of having a physical destination auto-created by the broker. This privilege is specified by the following rules:

queue.create.allow.user=*
topic.create.allow.user=*

You can edit the ACL file to restrict this type of access.

The general syntax for physical destination auto-create access rules is as follows:

resourceType.create.access.principalType=principals

Where resourceType is either queue or topic.

For example, the following rules allow the broker to auto-create topic destinations for everyone except Snoopy.

topic.create.allow.user=*
topic.create.deny.user=Snoopy

Note that the effect of physical destination auto-create rules must be congruent with that of physical destination access rules. For example, if you 1) change the destination access rule to forbid any user from sending a message to a destination but 2) enable the auto-creation of the destination, the broker will create the physical destination if it does not exist but it will not deliver a message to it.
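To review these rules outside the broker, the following added example (not code from the guide or from Message Queue) parses auto-create rules in the syntax shown above and reports what they grant. The sample ACL text, the function names, the `group` principal type value, comma-separated principals, and the evaluation order (a rule naming the principal outranks a `*` rule, deny wins a tie) are assumptions; the page itself only shows that the deny rule for Snoopy takes effect alongside the allow rule for `*`.

```python
SAMPLE_ACL = """\
# constructed sample: final section of an ACL properties file
topic.create.allow.user=*
topic.create.deny.user=Snoopy
queue.create.allow.user=*
queue.create.permit.user=Woodstock
"""

def parse_autocreate_rules(text):
    """Return (rules, errors) for lines of the form
    resourceType.create.access.principalType=principals."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        key, sep, value = line.partition("=")
        parts = key.strip().split(".")
        if line.startswith("#") or not sep or len(parts) != 4 or parts[1] != "create":
            continue  # comment, blank, or a rule from another section of the file
        resource, _, access, ptype = parts
        if (resource not in ("queue", "topic") or access not in ("allow", "deny")
                or ptype not in ("user", "group")):  # "group" value is assumed
            errors.append((lineno, line))  # malformed rule: report, do not guess
            continue
        # Assumption: multiple principals are comma-separated.
        names = {p.strip() for p in value.split(",") if p.strip()}
        rules.append((resource, access, ptype, names))
    return rules, errors

def may_autocreate(rules, resource, user, groups=()):
    """Assumed evaluation order (not stated on the page): rules naming the
    principal outrank '*' rules, deny wins a tie, and no match means deny."""
    best = {}  # specificity (1 = named, 0 = '*') -> set of access values seen
    for res, access, ptype, names in rules:
        if res != resource:
            continue
        mine = {user} if ptype == "user" else set(groups)
        if mine & names:
            best.setdefault(1, set()).add(access)
        elif "*" in names:
            best.setdefault(0, set()).add(access)
    return bool(best) and best[max(best)] == {"allow"}

def wide_open(rules):
    """Resource types that still carry the default allow-everyone rule."""
    return sorted({res for res, access, _, names in rules
                   if access == "allow" and "*" in names})
```

Running `wide_open` over a deployed ACL file is a quick way to spot brokers that still ship the default `*.create.allow.user=*` rules.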