One thing that is common in the enterprise world, especially in highly regulated industries, is to have separation of duties. Role-based access controls (RBAC) have built-in support for separation of duties. Roles determine what operations a user can and cannot perform. This post provides an example of how to configure proper RBAC on top of Red Hat AMQ, a flexible, high-performance messaging platform based on the open source Apache ActiveMQ Artemis project.
In most of the cases, separation of duties on Red Hat AMQ can be divided into three primary roles:
- Administrator role, which will have all permissions
- Application role, which will have permission to publish, consume, or produce messages to a specific address, subscribe to topics or queues, or create and delete addresses.
- Operation role, which will have read-only permission via the web console or supported protocols
To implement those roles, Red Hat AMQ has several security features that need be configured, as described in the following sections.
Continue reading “Setting up RBAC on Red Hat AMQ Broker”