ACL management

OpenTalk uses an in-memory Access Control List to efficiently track permissions. The controller maintains that list in its database. Controllers will synchronize changes to the ACL by sending changesets to each other using RabbitMQ.

Configuration

The section in the configuration file is called authz.

| Field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- |
| synchronize_controllers | bool | no | true | Must be true when using multiple controllers. This should be set to false to avoid unnecessary work when only using a single controller. |

opentalk-controller acl subcommand

This subcommand is used to modify ACLs.

Help output

Help output looks like this:

Modify the ACLs

Usage: opentalk-controller acl <COMMAND>

Commands:
users-have-access-to-all-rooms Allows all users access to all rooms
help Print this message or the help of the given subcommand(s)

Options:
-h, --help Print help

opentalk-controller fix-acl subcommand

This subcommand is used to recreate all ACL entries from the current database content. Some updates to OpenTalk require this command to be run after migration.

Help output

Help output looks like this:

Recreate all ACL entries from the current database content. Existing entries will not be touched unless the command is told to delete them all beforehand

Usage: opentalk-controller fix-acl [OPTIONS]

Options:
--delete-acl-entries
!DANGER! Removes all ACL entries before running any fixes.

Requires all fixes to be run.

--skip-users
Skip user role fix

--skip-groups
Skip group membership fix

--skip-rooms
Skip fix of room permissions

--skip-module-resources
Skip fix of module resources permissions

--skip-events
Skip fix of event permission fixes

-h, --help
Print help (see a summary with '-h')
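
A pre-flight guard for running fix-acl from a migration runbook, as an added example that is not part of the OpenTalk documentation or code. It reads "Requires all fixes to be run" as meaning --delete-acl-entries must not be combined with any --skip-* flag (an assumption); the function names and the CONFIRM_ACL_WIPE variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate fix-acl flags before they reach the controller binary.
# Flag names come from the help output above; everything else is hypothetical.

# check_fix_acl_args FLAGS...
# Returns 0 if the combination is safe to run,
#         1 if it would wipe the ACL without rebuilding every part of it,
#         2 if a flag is not one of the fix-acl options listed above,
#         3 if the destructive flag lacks explicit confirmation.
check_fix_acl_args() {
    delete=0
    skipped=""
    for arg in "$@"; do
        case "$arg" in
            --delete-acl-entries) delete=1 ;;
            --skip-users|--skip-groups|--skip-rooms|--skip-module-resources|--skip-events)
                skipped="$skipped $arg" ;;
            *)
                echo "unknown fix-acl flag: $arg" >&2
                return 2 ;;
        esac
    done
    # Assumption: deleting all entries is only safe when no fix is skipped.
    if [ "$delete" -eq 1 ] && [ -n "$skipped" ]; then
        echo "refusing: --delete-acl-entries with$skipped would leave permissions missing" >&2
        return 1
    fi
    # CONFIRM_ACL_WIPE is a hypothetical variable used only by this wrapper.
    if [ "$delete" -eq 1 ] && [ "${CONFIRM_ACL_WIPE:-}" != "yes" ]; then
        echo "refusing: set CONFIRM_ACL_WIPE=yes to delete all ACL entries" >&2
        return 3
    fi
    return 0
}

# run_fix_acl FLAGS...: validate first, then hand the same flags to the binary.
run_fix_acl() {
    check_fix_acl_args "$@" || return $?
    opentalk-controller fix-acl "$@"
}
```

Source the file and call `run_fix_acl` with the same flags you would pass to `opentalk-controller fix-acl`; a non-zero status means the controller was never invoked.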