Skip to content

Ownership and permissions

Enforcement of ownership and permission rules is deployment specific, so in addition to reading these general rules, ask your Hermes administrator how are they enforced. By default there is no authorization mechanism in place.

All GET operations can be done without any form of authorization.

Ownership

Each topic and subscription in Hermes is owned by an owner. Hermes is owned and administered by an administrator.

Group

Operation Permissions
Add new group administrator
Remove existing group administrator
Modify group administrator

Topics

Operation Permissions
Add new topic any logged in user
Remove existing topic topic owner
Modify topic topic owner

Publishing permission

You can configure which services can publish on which topic configuring topic.auth section. How publisher name is evaluated is deployment specific. It can be extracted from ssl certificate or read from supplied header for instance. Worth noting is that for authorization features to work those have to be enabled on your hermes cluster by your administrator.

Option Description Options Default value
enabled enable topic authorization true, false false
unauthenticatedAccessEnabled allow publishing for services without credentials true, false false
publishers array of service names that are allowed to publish - []

Example:

{
    "name": "my-group.my-topic",
    "description": "This is my topic",
    "contentType": "JSON",
    "retentionTime": {
        "duration": 1
    },
    "owner": {
        "source": "Plaintext",
        "id": "My Team"
    },
    "auth": {
      "enabled": true,
      "unauthenticatedAccessEnabled": false,
      "publishers": ["my-publisher-1", "my-publisher-2"]
    }
}

Subscriptions

Operation Permissions
Add new subscription any logged in user
Remove existing subscription subscription owner or topic owner
Modify subscription subscription owner or topic owner
Retransmit messages subscription owner or topic owner