Configuring TIBCO Enterprise Message Service Servers for Non-Admin Users

Configuration of TIBCO ActiveMatrix runtime objects and services is easiest if you have administrative privileges on the TIBCO Enterprise Message Service server you want to use. If you do not have administrative privileges, you can set up the TIBCO Enterprise Message Service server to configure Enterprise Message Service servers for non-admin users.

If you want to configure TIBCO ActiveMatrix runtime objects and services, and you do not have administrator privileges on the TIBCO Enterprise Message Service server you want to use, you can configure the TIBCO Enterprise Message Service server to configure Enterprise Message Service servers for non-admin users. The following steps list the most restrictive permissions necessary.
    Procedure
  1. In the TIBCO Enterprise Message Service server console, set permissions for the Administrator server users. In the following commands, replace username and password with the username and password values appropriate for each bus.
    Messaging Bus
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue AMX_SV.>
    grant queue AMX_SV.> user=username create, delete, modify, send, receive
    Notification Bus
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create topic EMSGMS.>
    grant topic EMSGMS.> user=username create, modify, subscribe, publish
    grant topic $sys.monitor.connection.* user=username subscribe
    grant admin user=username view-connection,view-server
    create topic AMX_MGMT.>
    grant topic AMX_MGMT.> user=username create, modify, subscribe, publish
    create queue AMX_MGMT.>
    grant queue AMX_MGMT.> user=username create, delete, modify, send, receive
    Management Bus
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue com.tibco.amf.admin.deploymentServerQueue.>
    grant queue com.tibco.amf.admin.deploymentServerQueue.> user=username create, delete, send, receive
    Logging and Payload Buses
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue cl_logservice_queue.physical
    create queue cl_payload_queue.physical
    grant queue cl_logservice_queue.physical user=username send, receive
    grant queue cl_payload_queue.physical user=username send, receive
    create jndiname cl_logservice_queue queue cl_logservice_queue.physical
    create jndiname cl_payload_queue queue cl_payload_queue.physical
    Monitoring Bus
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue amx.governance.stats
    grant queue amx.governance.stats user=username send, receive
    create queue amx.governance.internal.stats
    grant queue amx.governance.internal.stats user=username send, receive
  2. If you intend to manually separate notification, management, and messaging buses, group their constraints first.
    The Notification, Management, and Messaging buses are initially grouped together as are the Monitoring, Logging, and Payload buses.
    Messaging, Notification, and Management Buses
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue AMX_SV.>
    grant queue AMX_SV.> user=username create, delete, modify, send, receive
    create topic EMSGMS.>
    grant topic EMSGMS.> user=username create, modify, subscribe, publish
    grant topic $sys.monitor.connection.* user=username subscribe
    create queue com.tibco.amf.admin.deploymentServerQueue.>
    grant admin user=username view-connection,view-server
    grant queue com.tibco.amf.admin.deploymentServerQueue.> user=username create, delete, send, receive
     create topic AMX_MGMT.>
     grant topic AMX_MGMT.> user=username create, modify, subscribe, publish
    
     create queue AMX_MGMT.>
     grant queue AMX_MGMT.> user=username create, delete, modify, send, receive
    
    Monitoring, Logging, and Payload Buses
    delete queue >
    delete topic >
    create user username "Description of the user" password=password
    create queue cl_logservice_queue.physical
    create queue cl_payload_queue.physical
    create queue amx.governance.stats
    create queue amx.governance.internal.stats
    grant queue cl_logservice_queue.physical user=username send, receive
    grant queue cl_payload_queue.physical user=username send, receive
    grant queue amx.governance.stats user=username send, receive
    grant queue amx.governance.internal.stats user=username send, receive
    create jndiname cl_logservice_queue queue cl_logservice_queue.physical
    create jndiname cl_payload_queue queue cl_payload_queue.physical
    create queue AMX_SV.>
    grant queue AMX_SV.> user=username create, delete, modify, send, receive
    create topic EMSGMS.>
    grant topic EMSGMS.> user=username create, modify, subscribe, publish
  3. Configure and create the Administrator server and TIBCO Host instances as described in Create TIBCO ActiveMatrix Administrator Server and TIBCO Host Instance.