RBAC

Setting up RBAC on Red Hat AMQ Broker

Setting up RBAC on Red Hat AMQ Broker

One thing that is common in the enterprise world, especially in highly regulated industries, is to have separation of duties. Role-based access controls (RBAC) have built-in support for separation of duties. Roles determine what operations a user can and cannot perform. This post provides an example of how to configure proper RBAC on top of Red Hat AMQ, a flexible, high-performance messaging platform based on the open source Apache ActiveMQ Artemis project.

In most of the cases, separation of duties on Red Hat AMQ can be divided into three primary roles:

  1. Administrator role, which will have all permissions
  2. Application role, which will have permission to publish, consume, or produce messages to a specific address, subscribe to topics or queues, or create and delete addresses.
  3. Operation role, which will have read-only permission via the web console or supported protocols

To implement those roles, Red Hat AMQ has several security features that need be configured, as described in the following sections.

Continue reading “Setting up RBAC on Red Hat AMQ Broker”

Share
How to customize OpenShift RBAC permissions

How to customize OpenShift RBAC permissions

Recently I’ve received a question from a customer who would like to restrict user permission in OpenShift Container Platform in order to be compliant with his company’s security policies.

OpenShift has rich and fine-grained RBAC capabilities out of the box, which gives you the possibility to setup exactly who can do actions (verbs in OpenShift word) on every kind of resource.

Before we begin to dive deep into this topic, I have provided links to some resources I think will be of use to help better understand the concepts of roles, roles scope, RoleBinding, groups, etc.

Continue reading “How to customize OpenShift RBAC permissions”

Share