When authorization is
disabled, the server grants any connection request, and does not check permissions when a client accesses a destination (for example, publishing a message to a topic).
When authorization is enabled, the server grants connections only from valid authenticated users. The server checks permissions for client operations involving secure destinations.
To enable authorization, either edit
tibemsd.conf (set the
authorization property to
enabled, and restart the server). Or you can use the
tibemsadmin tool to dynamically enable authorization with the following
set server command:
When server authorization is enabled, the server checks user names and password of all connections without exceptions. However, operations on destinations, such as sending a message or receiving a message, are not verified unless the destination has enabled the
secure property on the destination. All operations by applications on the destination with
secure enabled are verified by the server according to the permissions listed in
acl.conf. Destinations with
secure disabled continue to operate without any restrictions.
When a destination does not have the secure property set, any authenticated user can perform any actions on that topic or queue.
See Destination Properties for more information about destination properties.