Simple Access Entitlements Module
The AMPS distribution includes a module that provides access to resources that meet specific patterns. In this release, the simple access entitlement module is provided with AMPS, but is not loaded by default. This module is an optional extension to the AMPS product, and while it is included with the AMPS distribution, the module must be explicitly loaded, enabled, and configured.
When using this module, AMPS grants and denies permissions to resources based on the name of the resource. The name of the user is not considered by this module, so when this module is used every user has the same set of permissions for the transport.
When to Use the Simple Access Module
The AMPS Simple Access module can be a good option when:
There are specific topics for a transport that are allowed or denied, but no other restrictions on the transport.
There is no other entitlement system in use for the installation.
Most often, the simple access module is used to allow access to the parts of the Admin console that do not modify the state of an AMPS instance, while refusing access to the parts of the Admin console that affect the instance state.
Configuring AMPS to use the Simple Access Module
The simple access entitlement module is included in the AMPS distribution, but is not loaded in AMPS by default. To load the module, add the following configuration item to the Modules block in your AMPS configuration:
Options for the module are set when the module is used for Entitlement. When used in an Entitlement block, the module requires the AllowedTopics and/or DeniedTopics options to be specified.
For example, the following configuration loads the module, uses the module for entitlements on the administrative console, and explicitly refuses access to paths beneath /amps/administrator, the paths that might modify the state of the instance. Since AllowedTopics defaults to .*, all other topics are allowed.
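The following added example (not AMPS code and not part of the original documentation) models the name-only decision described above, so a set of options can be checked against the paths that must stay refused before deployment. It assumes that a pattern must match the whole resource name and that a DeniedTopics match overrides AllowedTopics; the sample paths and patterns are constructed, and only the /amps/administrator prefix comes from this page.

```python
import re

# Option names come from the page; AllowedTopics defaults to ".*".
DEFAULT_ALLOWED = ".*"


def is_permitted(resource, options):
    """Model of the module's decision: resource name only, no user name.

    Assumptions (not confirmed by the page): a pattern must match the whole
    resource name, and a DeniedTopics match overrides an AllowedTopics match.
    """
    allowed = options.get("AllowedTopics", DEFAULT_ALLOWED)
    denied = options.get("DeniedTopics")
    if denied is not None and re.fullmatch(denied, resource):
        return False
    return re.fullmatch(allowed, resource) is not None


def exposed(options, must_refuse):
    """Return the paths that should be refused but the options still permit."""
    return [p for p in must_refuse if is_permitted(p, options)]


# Constructed sample paths; only the /amps/administrator prefix is from the page.
STATE_CHANGING = ["/amps/administrator", "/amps/administrator/example-action"]
READ_ONLY = ["/amps", "/amps/example-statistic"]

# Options in the spirit of the page: refuse everything beneath /amps/administrator.
PAGE_STYLE = {"DeniedTopics": r"/amps/administrator(/.*)?"}
# A pattern that forgets the subtree, so child paths stay reachable under the
# whole-name matching assumed above.
TOO_NARROW = {"DeniedTopics": r"/amps/administrator"}

if __name__ == "__main__":
    for name, opts in (("page-style", PAGE_STYLE), ("too-narrow", TOO_NARROW)):
        print(name, "exposed:", exposed(opts, STATE_CHANGING),
              "read-only ok:", all(is_permitted(p, opts) for p in READ_ONLY))
```

Because the user name plays no part in the decision, one pass over the path list covers every user of the transport.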