🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Granular access for a Message-VPN user on Solace Cloud.
Hi,
Two general questions:
1> Do we have any granular level access on Message-VPN ? For now I can see only these two READ and READ-WRITE. We want to have users on Message VPN but with controlled access.
2> Is there any provision (or suggestion) to have the logic (consumer business logic) and configuration (queue creation + listing topics subscription ) separate. So that there is no deployment of business when there is only a configuration change ?
Thanks in advance.
Comments
-
Hi Abu,
question 1: granular level access:
As documented here: https://docs.solace.com/Configuring-and-Managing/CLI-User-Access-Levels.htm#CLI, there are 4 levels of access: none, read-only, read-write and admin.
Admin is for the whole broker.
read-only & read-write can be configured for the whole broker or for single message-vpns.question 2: separate business logic from broker configuration:
- Our APIs have calls to automatically create queues and topic subscriptions - but that's not true for all supported APIs (eg: the MQTT standard does not support this)
- we support REST-API calls to the broker to configure all necessary objects like queues, profiles, topic subscriptions.
Common practice is: create client-username(s), client-profiles, acl-profiles, topic-subscriptions outside the business logic (manually or automatically in your CI/CD pipeline).
2
