Security.store
The Security.store file defines the security roles and the permissions associated with them. It also defines the default set of roles that are assigned to named or anonymous client sessions.
The following sections each describe the syntax for a single line of the script file.
Assigning global permissions to a role
Railroad diagram

Backus-Naur
form
set
"
role_name
"
permissions
[
[
global_permission
[
,
global_permission
]
]
]
Example
set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER, VIEW_SECURITY, MODIFY_SECURITY] set "CLIENT_CONTROL" permissions [VIEW_SESSION, MODIFY_SESSION, REGISTER_HANDLER]
Assigning default topic permissions to a role
Railroad diagram

Backus-Naur
form
set
"
role_name
"
default topic permissions
[
[
topic_permission
[
,
topic_permission
]
]
]
Example
set "CLIENT" default topic permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]
Assigning topic permissions associated with a specific topic path to a role
Backus-Naur
form
set
"
role_name
"
topic
"
topic_path
"
permissions
[
[
topic_permission
[
,
topic_permission
]
]
]
Example
set "CLIENT" topic "foo/bar" permissions [READ_TOPIC, SEND_TO_MESSAGE_HANDLER] set "ADMINISTRATOR" topic "foo" permissions [ MODIFY_TOPIC ] set "CLIENT_CONTROL" topic "foo" permissions [ ]
Removing all topic permissions associated with a specific topic path to a role
Railroad diagram

Backus-Naur
form
remove
"
role_name
"
permissions for topic
"
topic_path
"
Example
remove "CLIENT" permissions for topic "foo/bar"
Including roles within another role
Railroad diagram

Backus-Naur
form
set
"
role_name
"
includes
[
[
"
role_name
"
[
,
"
role_name
"
]
]
]
Example
set "ADMINISTRATOR" includes ["CLIENT_CONTROL" , "TOPIC_CONTROL"] set "CLIENT_CONTROL" includes ["CLIENT"]
Assigning roles to a named session
Railroad diagram

Backus-Naur
form
set roles for named sessions
[
[
"
role_name
"
[
,
"
role_name
"
]
]
]
Example
set roles for named sessions ["CLIENT"]
Assigning roles to an anonymous session
Railroad diagram

Backus-Naur
form
set roles for anonymous sessions
[
[
"
role_name
"
[
,
"
role_name
"
]
]
]
Example
set roles for anonymous sessions ["CLIENT"]