Table of Contents
Just a second...

Security.store

The Security.store file defines the security roles and the permissions associated with them. It also defines the default set of roles that are assigned to named or anonymous client sessions.

The following sections each describe the syntax for a single line of the script file.

Assigning global permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign globally scoped permissions to a role: SET role PERMISSIONS, followed by a comma-separated list of global permissions inside square brackets.
Backus-Naur form
set " role_name " permissions [ [ global_permission [ , global_permission ] ] ]
Example
set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER, VIEW_SECURITY, MODIFY_SECURITY]
set "CLIENT_CONTROL" permissions [VIEW_SESSION, MODIFY_SESSION, REGISTER_HANDLER]

Assigning default topic permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign default topic permissions to a role: SET role DEFAULT TOPIC PERMISSIONS, followed by a comma-separated list of topic permissions inside square brackets.
Backus-Naur form
set " role_name " default topic permissions [ [ topic_permission [ , topic_permission ] ] ]
Example
set "CLIENT" default topic permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]

Assigning topic permissions associated with a specific topic path to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign permissions scoped to a specific topic to a role: SET role TOPIC topic-path PERMISSIONS, followed by a comma-separated list of topic permissions inside square brackets.
Backus-Naur form
set " role_name " topic " topic_path " permissions [ [ topic_permission [ , topic_permission ] ] ]
Example
set "CLIENT" topic "foo/bar" permissions [READ_TOPIC, SEND_TO_MESSAGE_HANDLER]
set "ADMINISTRATOR" topic "foo" permissions [ MODIFY_TOPIC ]
set "CLIENT_CONTROL" topic "foo" permissions [ ]

Removing all topic permissions associated with a specific topic path to a role

Railroad diagram
A railroad diagram that describes the syntax used to remove permissions scoped to a specific topic from a role: REMOVE role PERMISSIONS FOR TOPIC topic-path.
Backus-Naur form
remove " role_name " permissions for topic " topic_path "
Example
remove "CLIENT" permissions for topic "foo/bar"

Including roles within another role

Railroad diagram
A railroad diagram that describes the syntax used to include a role within another role: SET role INCLUDES, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set " role_name " includes [ [ " role_name " [ , " role_name " ] ] ]
Example
set "ADMINISTRATOR" includes ["CLIENT_CONTROL" , "TOPIC_CONTROL"]
set "CLIENT_CONTROL" includes ["CLIENT"]

Assigning roles to a named session

Railroad diagram
A railroad diagram that describes the syntax used to assigned roles to a session with a named principal: SET ROLES FOR NAMED SESSIONS, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for named sessions [ [ " role_name " [ , " role_name " ] ] ]
Example
set roles for named sessions ["CLIENT"]

Assigning roles to an anonymous session

Railroad diagram
A railroad diagram that describes the syntax used to assigned roles to an anonymous session: SET ROLES FOR ANONYMOUS NAMED SESSIONS, followed by a followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for anonymous sessions [ [ " role_name " [ , " role_name " ] ] ]
Example
set roles for anonymous sessions ["CLIENT"]