Friday, September 25, 2009

TIBCO EMS: Access Control



EMS Permissions

  1. administrator permission

This permission defines the right of users and groups to create, modify, delete, and view users, destinations, routes, factories and others.

Note: users in the admin group have all administrator permissions regardless of the permission settings.

You cannot grant administrator permissions to, or revoke them from, any user in the admin group.

Users with the change-admin-acl and view-user/group permissions can grant or revoke permissions for other users, but only permissions that they themselves have been granted.

Users inherit the administrator permissions of the groups they belong to.



  2. destination-based administrator permission

This permission defines the right of users and groups to create, modify, delete, purge, and view destinations.

Note: any destination-level permission granted to a user or group for a wildcard destination is inherited by all child destinations.


  3. user permission

This permission defines the right of users and groups to send to or receive from a queue, or to publish or subscribe to a topic. It also defines the right to create durable subscriptions to topics.



Server/Destination Connection Settings

When authorization is disabled (the default setting), the server grants any connection request and does not check permissions when a client connects to a destination.


Note: users must always log in with the correct administration username and password to perform any administrative function.


When authorization is enabled, the server grants connections only to authorized users. The server checks the destination permissions only if the destination has the secure property set.


Note: secure is a destination-based property. The server will not check the destination permissions, even if they have been defined, when the secure property is not set.
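
The decision flow described above, as an added Python sketch (not TIBCO code and not part of the original post), with an audit helper that lists destinations whose permissions are defined but never checked. The `Server` model, the function names, the sample destination names, the wildcard syntax (`*` for one element, `>` for all remaining elements) and the treatment of secure as a per-destination set are assumptions made for illustration.

```python
# Added illustration: a simplified model of the checks described in the post.
from dataclasses import dataclass, field

@dataclass
class Server:
    authorization: bool = False                 # disabled is the default setting
    secure: set = field(default_factory=set)    # destinations with the secure property
    acl: dict = field(default_factory=dict)     # pattern -> {user or group: {perms}}
    groups: dict = field(default_factory=dict)  # group -> {member users}

def matches(pattern, name):
    """Assumed wildcard syntax: '*' = one element, '>' = all remaining elements."""
    p, n = pattern.split("."), name.split(".")
    for i, tok in enumerate(p):
        if tok == ">":
            return len(n) > i
        if i >= len(n) or tok not in ("*", n[i]):
            return False
    return len(p) == len(n)

def granted(srv, user, dest):
    """Permissions on dest, inherited from groups and wildcard parents."""
    principals = {user} | {g for g, m in srv.groups.items() if user in m}
    perms = set()
    for pattern, entries in srv.acl.items():
        if matches(pattern, dest):
            for who, p in entries.items():
                if who in principals:
                    perms |= p
    return perms

def allowed(srv, user, dest, perm):
    if not srv.authorization:
        return True   # authorization disabled: nothing is checked
    if dest not in srv.secure:
        return True   # permissions defined or not, they are ignored
    return perm in granted(srv, user, dest)

def unenforced(srv, destinations):
    """Audit: destinations with defined permissions the server will not check."""
    return sorted(d for d in destinations
                  if any(matches(p, d) for p in srv.acl)
                  and (not srv.authorization or d not in srv.secure))

if __name__ == "__main__":
    # Constructed sample configuration.
    srv = Server(True, {"orders.eu"}, {"orders.>": {"traders": {"send"}}},
                 {"traders": {"alice"}})
    print(allowed(srv, "bob", "orders.eu", "send"))   # denied: secure and not granted
    print(unenforced(srv, ["orders.eu", "orders.us"]))
```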

