All rights reserved to Memphis.dev 2023

Security/Authentication

This section details the authentication and authorization functionalities in Memphis, both of which allow the operator to manage access control within Memphis.

Last updated 1 year ago

Type of users

Memphis offers two types of credentials:

  • Application (for clients). Each connection is linked with a specific user and either a password or a connection-token for authentication purposes. Application credentials, such as username, password/connection token, and optionally a client certificate, are established at the time of initiating a connection. Additionally, there is a default set of credentials known as the root user, the details of which are provided in the post-installation notes.

  • Management. Used solely for management purposes, to control access to the User Interface (UI) and Command Line Interface (CLI).

Client authentication methods

When deploying Memphis, there is an option to choose the authentication method. The method should be chosen based on the application and the organization's security requirements.

  • Username + password (Default for both self-hosted and cloud). Each new user (both application and management) gets created with a dedicated username and password.

  • Username + connection token (Deprecated). Each new application-type user gets created with a dedicated username and a connection token.

Role-based access control (RBAC)

Role-based access control provides a more detailed level of control, ensuring that particular users can engage with specific stations. This system allows for tailored permissions, such as read-only (consume), write-only (produce), or both read and write access.

RBAC settings can be adjusted via the Web Console during the creation of a new client-type user:

How to configure read (consume) permissions

  • This can be done either by selecting particular stations or by defining a pattern. For instance, using prod.* will include all stations beginning with "prod.". Additionally, multiple patterns can be specified.

How to configure write (produce) permissions

  • This can be done either by selecting particular stations or by defining a pattern. For instance, using prod.* will include all stations beginning with "prod.". Additionally, multiple patterns can be specified.

To utilize the wildcard pattern, station names must include the character ".", and the character "*" should only appear after ".".
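
The following is an added example, not Memphis code: a small audit helper that checks allow patterns against the rule above and reports the access a user would end up with on each station. It assumes that "<prefix>.*" covers every station whose name starts with "<prefix>." and that a pattern without "*" covers only the identically named station; the function names, the sample user and the station list are constructed for illustration.

```python
# Added example: a model of the pattern rule described on this page,
# for reviewing RBAC grants before they are entered in the Web Console.
# Assumption: "<prefix>.*" allows stations starting with "<prefix>.";
# a pattern without "*" allows only the station with exactly that name.

def pattern_problems(pattern):
    """Return the ways a pattern breaks the rule "'*' only appears after '.'"."""
    problems = []
    if not pattern:
        problems.append("empty pattern")
    for i, ch in enumerate(pattern):
        if ch == "*" and (i == 0 or pattern[i - 1] != "."):
            problems.append(f"'*' at position {i} does not follow '.'")
    return problems


def allows(patterns, station):
    """True if any well-formed pattern covers the station name."""
    for p in patterns:
        if pattern_problems(p):
            continue  # this model grants nothing for a malformed pattern
        if p.endswith(".*") and p.count("*") == 1:
            if station.startswith(p[:-1]):  # keep the dot: "prod.*" -> "prod."
                return True
        elif "*" not in p and p == station:
            return True
        # other wildcard placements are not modeled here and grant nothing
    return False


def effective_access(user, stations):
    """Map each station to the access the user's read/write patterns grant."""
    labels = {(True, True): "read+write", (True, False): "read-only",
              (False, True): "write-only", (False, False): "none"}
    return {s: labels[(allows(user["read"], s), allows(user["write"], s))]
            for s in stations}


# Constructed sample: one client-type user and the stations on a broker.
USER = {"read": ["prod.*", "*audit"], "write": ["prod.orders"]}
STATIONS = ["prod.orders", "prod.payments", "staging.orders", "production", "audit"]

if __name__ == "__main__":
    for pattern in USER["read"] + USER["write"]:
        for problem in pattern_problems(pattern):
            print(f"pattern {pattern!r}: {problem}")
    for station, access in effective_access(USER, STATIONS).items():
        print(f"{station:16} {access}")
```

The station named production is not covered by prod.* because the matched prefix includes the dot, which is the reason the rule asks for "." in station names that wildcards should reach.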
