Managing User Access to Self-Managed Event Brokers
This section discusses:
- Managing the authentication and authorization settings for Solace Management Users connecting to event brokers.
- Creating and configuring Linux Shell Users.
Solace Management Users
Solace management users connect to a Solace event broker to configure, manage, and monitor it. There are two types of users:
- CLI User—A management user that connects to the event broker through the Solace Event Broker CLI, Broker Manager, or SolAdmin. A CLI user can also be a management application that uses Solace Element Management Protocol (SEMP) requests over an HTTP service to manage and monitor the event broker. This user connection uses the Secure Shell (SSH) protocol. CLI users can have different CLI User Access Levels assigned to their account.
- File Transfer User—A user that can remotely transfer files to and from specific directories on the event broker using Secure File Transfer Protocol (SFTP) or Secure Copy (SCP).
A client management application can monitor an event broker using the SEMP Request Over Message Bus service. For information about configuring client application authentication for a Solace event broker, see Configuring Client Authentication.
Linux Shell Users
Linux shell users can log in to an appliance event broker's Linux shell. The root user and default support user are in this category and are both built into the appliance event broker. The other configurable user groups (creatable support users, sysadmin users, and restricted users) provide additional operational flexibility. For more information, see Configuring Multiple Linux Shell Users. The available Linux shell users include:
- Root User—A single, built-in user that has root privileges in the appliance event broker's Linux shell.
- Sysadmin Users—These are root-like users who can run all commands in the appliance event broker's Linux shell with root privileges without entering the root password by using sudo. Sysadmin users can perform any appliance event broker configuration procedure that these documents note as requiring root access or the root user. Sysadmin users are created and configured by the Root user or other Sysadmin users. There are no built-in, pre-configured Sysadmin users.
- Support User (default)—A single, default, built-in Linux user that is allowed to execute a limited set of appliance event broker shell commands and scripts to allow for low-level event broker troubleshooting.
- Support Users (creatable)—These are additional support users that are created and configured by either root or sysadmin users. They have the same privileges as the default support user, and are allowed to execute a limited set of appliance event broker shell commands and scripts.
- Restricted Users—These users have read access to appliance event broker logs, read/write access to files in their home directory, and read access to designated files owned by other users. They can execute shell commands that don’t need root access. Restricted users can be created by root or sysadmin users. There are no built-in restricted users.
Linux shell users apply only to appliance event brokers.
You can create users and groups on the host for software event brokers. However, because the host OS is not managed by Solace, those users and groups may be deleted during upgrades.