Control access to the EMS Server:Authentication and Permissions

TIBCO Enterprise Message Service allows you to control access to the server by creating users and assigning passwords, creating groups, setting permissions etc. The server can also authenticate users defined in an external directory (such as an LDAP server)

Permissions for all users and groups must be defined in the access control list for the TIBCO Enterprise Message Service server. There are also administrator permissions that allow administrators to control which actions users can perform on the server such as create destinations, modify users, and view routes. Administrator permissions can apply globally, or they can be granted on specific destinations.

Enabling Access Control
There are two levels where authorization is set.

Server: The authorization property in the main configuration file enables or disables the checking of permissions for all destinations managed by the server. The authorization property also enables or disables verification of user names and passwords.

To enable authorization, edit the tibemsd.conf file:
authorization = enabled

From the command line admin utility:

set server authorization = enabled

If this is not set, then the server allows any client connection and no permissions are checked on any destination. Enabling authorization immediately applies to existing client connections (except route connections). The server begins checking permissions.

Destination: The secure property of the destinations is used to allow the server to check permissions of a client connection for that particular destination when a user attempts to perform any operation on that destination

Setting Permissions
Permissions are stored in the access control list and determine the actions a user can perform on a destination. Permissions can only be granted by users that have the appropriate administrator permissions.

Please go through the corresponding chapter in the JMS documentation for further detailed information