Expand Collapse
Just a second...

Security.store

The Security.store file defines the security roles and the permissions associated with them. It also defines the default set of roles that are assigned to named or anonymous client sessions.

Note: You should stop the server before editing the security store directly. If you are using a cluster, all the servers in the cluster should be stopped before editing. If the server or cluster is running, changes should be made using the management console or the API.

The following sections each describe the syntax for a single line of the script file.

Note: The path keyword is synonymous with the topic keyword used in previous releases of Diffusion™ . Both keywords are accepted. Prefer path.

Assigning global permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign globally scoped permissions to a role: SET role PERMISSIONS, followed by a comma-separated list of global permissions inside square brackets.
Backus-Naur form
set " role_name " permissions [ '[' global_permission [ , global_permission ] ']' ]
Example 
set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER, VIEW_SECURITY, MODIFY_SECURITY]
set "CLIENT_CONTROL" permissions [VIEW_SESSION, MODIFY_SESSION, REGISTER_HANDLER]

Assigning default path permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign default path permissions to a role: SET role DEFAULT PATH PERMISSIONS, followed by a comma-separated list of path permissions inside square brackets.
Backus-Naur form
set " role_name " default path permissions [ '[' path_permission [ , path_permission ] ']' ]
Example 
set "CLIENT" default path permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]

Assigning path permissions associated with a specific path to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign permissions scoped to a specific path to a role: SET role PATH path PERMISSIONS, followed by a comma-separated list of path permissions inside square brackets.
Backus-Naur form
set " role_name " path " path " permissions [ '[' path_permission [ , path_permission ] ']' ]
Example 
set "CLIENT" path "foo/bar" permissions [READ_TOPIC, SEND_TO_MESSAGE_HANDLER]
set "ADMINISTRATOR" path "foo" permissions [ MODIFY_TOPIC ]
set "CLIENT_CONTROL" path "foo" permissions [ ]

Removing all path permissions associated with a specific path to a role

Railroad diagram
A railroad diagram that describes the syntax used to remove permissions scoped to a specific path from a role: REMOVE role PERMISSIONS FOR PATH path.
Backus-Naur form
remove " role_name " permissions for path " path "
Example 
remove "CLIENT" permissions for path "foo/bar"

Including roles within another role

Railroad diagram
A railroad diagram that describes the syntax used to include a role within another role: SET role INCLUDES, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set " role_name " includes [ '[' " role_name " [ , " role_name " ] ']' ]
Example 
set "ADMINISTRATOR" includes ["CLIENT_CONTROL" , "TOPIC_CONTROL"]
set "CLIENT_CONTROL" includes ["CLIENT"]

Assigning roles to a named session

Railroad diagram
A railroad diagram that describes the syntax used to assigned roles to a session with a named principal: SET ROLES FOR NAMED SESSIONS, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for named sessions [ '[' " role_name " [ , " role_name " ] ']' ]
Example 
set roles for named sessions ["CLIENT"]

Assigning roles to an anonymous session

Railroad diagram
A railroad diagram that describes the syntax used to assigned roles to an anonymous session: SET ROLES FOR ANONYMOUS NAMED SESSIONS, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for anonymous sessions [ '[' " role_name " [ , " role_name " ] ']' ]
Example 
set roles for anonymous sessions ["CLIENT"]