Granular access for a Message-VPN user on Solace Cloud.

Abu Member Posts: 13
edited February 2022 in General Discussions #1

Hi,
Two general questions:
1> Do we have any granular level access on Message-VPN? For now I can see only these two: READ and READ-WRITE. We want to have users on Message VPN but with controlled access.
2> Is there any provision (or suggestion) to have the logic (consumer business logic) and configuration (queue creation + listing topics subscription) separate, so that there is no deployment of business when there is only a configuration change?
Thanks in advance.

Comments

  • uherbst
    uherbst Member, Employee Posts: 129 Solace Employee

    Hi Abu,

    question 1: granular level access:
    As documented here: https://docs.solace.com/Configuring-and-Managing/CLI-User-Access-Levels.htm#CLI, there are 4 levels of access: none, read-only, read-write and admin.
    Admin is for the whole broker.
    read-only & read-write can be configured for the whole broker or for single message-vpns.

    question 2: separate business logic from broker configuration:

    • Our APIs have calls to automatically create queues and topic subscriptions - but that's not true for all supported APIs (e.g. the MQTT standard does not support this).
    • We support REST-API calls to the broker to configure all necessary objects like queues, profiles, topic subscriptions.

    Common practice is: create client-username(s), client-profiles, acl-profiles, topic-subscriptions outside the business logic (manually or automatically in your CI/CD pipeline).
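
A sketch of the pipeline-side provisioning described in the answer above, as an added example that is not part of the original thread or Solace's own code. It assumes the broker's REST management interface is the SEMP v2 config API; the VPN, profile, user, queue and topic names are hypothetical, and the script only builds the request plan so it can be reviewed or diffed before a CI/CD job sends it.

```python
import json
from urllib.parse import quote

# Constructed sample configuration kept in the pipeline repo, not in the
# consumer application. Every name below is hypothetical.
CONFIG = {
    "vpn": "orders-vpn",
    "acl_profile": "orders-consumer-acl",
    "client_username": "orders-consumer",
    "subscribe_topics": ["orders/created/>"],           # direct subscriptions allowed
    "queues": {"q.orders.created": ["orders/created/>"]},
}

def build_plan(cfg):
    """Return ordered (method, path, body) requests for the SEMP v2 config API."""
    vpn = "/SEMP/v2/config/msgVpns/" + quote(cfg["vpn"], safe="")
    acl = cfg["acl_profile"]
    # Deny publish/subscribe by default; access is granted only via exceptions.
    plan = [("POST", f"{vpn}/aclProfiles", {
        "aclProfileName": acl,
        "clientConnectDefaultAction": "allow",
        "publishTopicDefaultAction": "disallow",
        "subscribeTopicDefaultAction": "disallow",
    })]
    for topic in cfg["subscribe_topics"]:
        plan.append(("POST",
                     f"{vpn}/aclProfiles/{quote(acl, safe='')}/subscribeTopicExceptions",
                     {"subscribeTopicException": topic,
                      "subscribeTopicExceptionSyntax": "smf"}))
    # The password is deliberately absent: inject it from the pipeline's
    # secret store when the request is sent.
    plan.append(("POST", f"{vpn}/clientUsernames", {
        "clientUsername": cfg["client_username"],
        "aclProfileName": acl, "enabled": True}))
    for queue, topics in cfg["queues"].items():
        # Only the owner may consume; all other clients get no access.
        plan.append(("POST", f"{vpn}/queues", {
            "queueName": queue, "owner": cfg["client_username"],
            "permission": "no-access", "accessType": "exclusive",
            "ingressEnabled": True, "egressEnabled": True}))
        for topic in topics:
            plan.append(("POST", f"{vpn}/queues/{quote(queue, safe='')}/subscriptions",
                         {"subscriptionTopic": topic}))
    return plan

if __name__ == "__main__":
    for method, path, body in build_plan(CONFIG):
        print(method, path, json.dumps(body))
```
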