SAFMQ Group Security Contexts

SAFMQ uses the Security Group (sometimes referred to as Group(s)) paradigm to describe client authorization as applied to one or more User Account. Thus allowing multiple User Accounts (authentication contexts) to be granted similar permissions.

A SAFMQ Security Group is a named entity controlled via the SAFMQ API (See MQConnection). Groups consist of one or more User Accounts and are grated or denied three permissions: Modify Queues, Modify Users, and Modify Groups. The Modify Queues permission allows that account to create Queues in the SAFMQ server. The Modify Users permission allows the account to create and destroy other accounts as well as grant permissions to those accounts. The Modify Groups permission allows the account to create and destroy Security Groups (xref). These permissions are set via the SAFMQ API (and SAFMQ Manager) function MQConnection::GroupSetPermissions().

On a Queue by Queue basis, Security Groups and User Accounts (referred to collectively as Actors) are granted permissions to Queues (See Queue Access Control). This enables individual Users (Accounts) or Groups to be granted access to a Queue.

Table of Contents Hierarchy of classes

Safmq Documentation, copyright (c) 2004-2010 Matthew J. Battey, Licensed Under Apache License Ver 2.0
Powered By: Get SAFMQ: Store and Forward Message Queue at Fast, secure and Free Open Source software downloads