Administrators can enable or disable access control for the server. Administrators can also enable and disable permission checking for specific destinations.
The property in the main configuration file enables or disables the checking of permissions for all destinations managed by the server. The authorization
property also enables or disables verification of user names and passwords.
![]() |
The default setting is |
When authorization is disabled
, the server grants any connection request, and does not check permissions when a client accesses a destination (for example, publishing a message to a topic).
When authorization is enabled, the server grants connections only from valid authenticated users. The server checks permissions for client operations involving secure destinations.
To enable authorization, either edit tibemsd.conf
(set the authorization
property to enabled
, and restart the server). Or you can use the tibemsadmin
tool to dynamically enable authorization with the following command:
Authorization does affect connections between fault-tolerant server pairs; see Authorization and Fault-Tolerant Servers.
Administrators must always log in with the correct administration username and password to perform any administrative functioneven when authorization
is disabled
.
If server authorization is enabled, you can control access to individual destinations by enabling the secure
property on the destination. When the secure
property is set on a destination, it instructs the server to check user permissions whenever a user attempts to perform an operation on that destination.
When a destination does not have the secure
property set, any authenticated user can perform any actions on that topic or queue.
See Destination Properties for more information about destination properties.
TIBCO Enterprise Message Service™ User’s Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |