- Use the following command to open the RabbitMQ console:
|
|
For example, to add a user named guest, the command would be:
|
|
- To add the user to the administrator group, run:
rabbitmqctl set_user_tags guest administrator
Permissions and Groups
Permissions in RabbitMQ are tied to user roles. RabbitMQ has four default user roles: administrator, monitoring, policymaker, and management. Each role can be granted different access permissions.
The specific meanings of these four roles are as follows:
administrator: Has full operational privileges, including managing users, virtual hosts, policies, connectors, and more.monitoring: Only allowed to view RabbitMQ status and statistics.policymaker: Has the authority to define and manage policies but cannot change user, virtual host, or plugin settings.management: Has the permission to view and manage RabbitMQ and its objects through the management interface.
Additionally, you can create custom permission groups by defining custom roles. To create a custom role, run the following commands:
sudo rabbitmqctl add_vhost <virtual_host>sudo rabbitmqctl add_user <username> <password>sudo rabbitmqctl set_permissions -p <virtual_host> <username> ".*" ".*" ".*"sudo rabbitmqctl set_user_tags <username> <tag_list>
Where <tag_list> is a comma-separated list of tags, each representing a role. For example, to create a custom role for a user named myuser, the commands would be:
sudo rabbitmqctl add_vhost /myvhostsudo rabbitmqctl add_user myuser mypasswordsudo rabbitmqctl set_permissions -p /myvhost myuser ".*" ".*" ".*"sudo rabbitmqctl set_user_tags myuser mytag
You can then allocate access permissions for the new role by adding custom permissions in the RabbitMQ management interface or by defining them in a JSON configuration file.
It is important to note that granting full permissions may pose security risks, so it is advisable to impose appropriate restrictions based on actual needs.