TIBCO Enterprise Message Service allows you to control access to the server by creating users and assigning passwords. The server can also authenticate users that are defined externally (for example, in an LDAP server).
Permissions apply to the activities a user can perform on each destination (topic and queue). Using permissions you can control which users have permission to send, receive, or browse messages for queues. You can also control who can publish or subscribe to topics, or who can create durable subscriptions to topics. Permissions are stored in the access control list for the server.
Groups allow you to create classes of users and control permissions on a more global level. Rather than granting and revoking permissions on destinations to individual users, you can control destination access at the group level. Users inherit any permissions from each of the groups they belong to, in addition to any permissions that are granted to them directly. Group information can also be retrieved from an external directory, such as an LDAP server.
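The inheritance rule above, as an added example that is not part of the TIBCO guide: a user's effective permissions on a destination are the union of the grants made to the user directly and the grants made to every group the user belongs to. The entry layout, the permission keywords, and all user, group and destination names are constructed for this example and are assumptions, not the server's own configuration syntax.

```python
from collections import defaultdict

# Constructed sample data (not from the guide). The line layout is an assumption
# made for this example: QUEUE|TOPIC=name USER|GROUP=principal PERM=comma,list
GROUPS = {"traders": {"alice", "bob"}, "auditors": {"carol", "bob"}}
ACL_LINES = """\
QUEUE=orders.in GROUP=traders PERM=send
QUEUE=orders.in GROUP=auditors PERM=browse
QUEUE=orders.in USER=bob PERM=receive
TOPIC=prices USER=alice PERM=publish
TOPIC=prices GROUP=traders PERM=subscribe,durable
"""
# Permission keywords assumed here, mirroring the activities the text lists.
QUEUE_PERMS = {"send", "receive", "browse"}
TOPIC_PERMS = {"publish", "subscribe", "durable"}

def parse_acl(text):
    """Return a list of (dest_type, dest, principal_kind, principal, perms)."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = dict(tok.split("=", 1) for tok in line.split())
        kind = "QUEUE" if "QUEUE" in fields else "TOPIC"
        who = "USER" if "USER" in fields else "GROUP"
        perms = set(fields["PERM"].split(","))
        allowed = QUEUE_PERMS if kind == "QUEUE" else TOPIC_PERMS
        if perms - allowed:  # e.g. "send" granted on a topic
            raise ValueError(f"line {n}: {sorted(perms - allowed)} not valid for {kind}")
        entries.append((kind, fields[kind], who, fields[who], perms))
    return entries

def effective_permissions(user, entries, groups):
    """Map (dest_type, dest) -> {permission: [sources]} for one user."""
    result = defaultdict(dict)
    for kind, dest, who, name, perms in entries:
        if who == "USER" and name == user:
            source = "direct"
        elif who == "GROUP" and user in groups.get(name, ()):
            source = f"group:{name}"  # inherited through group membership
        else:
            continue
        for perm in perms:
            result[(kind, dest)].setdefault(perm, []).append(source)
    return dict(result)
```

Recording the source of each grant shows which group membership or direct entry has to change when a permission must be withdrawn from a user.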
Permissions for all users and groups must be defined in the access control list for the TIBCO Enterprise Message Service server. See Users and Groups for more information about using an external directory service for authenticating users. See Setting Permissions for more information about permissions.
There are also administrator permissions that allow administrators to control which actions users can perform on the server, such as creating destinations, modifying users, and viewing routes. Administrator permissions can apply globally, or they can be granted on specific destinations.
Figure 15 illustrates the relationships between users, groups and permissions.
Externally-configured users and groups are defined and managed using the external directory. Locally-configured users and groups, as well as the access control list, are configured using any of the administration interfaces (editing configuration files, using the administration tool, or the administration APIs).
Access control and Secure Sockets Layer (SSL) have some similar characteristics. SSL allows for servers to require user authentication by way of the user’s digital certificate. SSL does not, however, specify any access control at the destination level. SSL and the access control features described in this chapter can be used together or separately to ensure secure access to your system. See Chapter 12, Using the SSL Protocol for more information about SSL.
The following procedure describes the general process for configuring users, groups, and permissions and where to find more information on performing each step.
TIBCO Enterprise Message Service™ User’s Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com