github.com/nats-io/nats-server/v2@v2.11.0-preview.2/server/configs/reload/authorization_2.conf (about)

     1  listen:   127.0.0.1:-1
     2  
     3  authorization {
     4    # Our role based permissions.
     5  
     6    # Superuser can do anything.
     7    super_user = {
     8      publish = ">"
     9      subscribe = ">"
    10    }
    11    # Can do requests on _INBOX.foo.bar, and subscribe to anything
    12    # that is a response to an _INBOX.foo.
    13    #
    14    # Notice that authorization filters can be singletons or arrays.
    15    req_pub_user = {
    16      publish = ["_INBOX.foo.bar"]
    17      subscribe = "_INBOX.foo.>"
    18    }
    19  
    20    # Setup a default user that can subscribe to anything, but has
    21    # no publish capabilities.
    22    default_user = {
    23      subscribe = {
    24        allow: ["PUBLIC.>", "foo.*"]
    25        deny: ["PUBLIC.foo"]
    26      }
    27    }
    28  
    29    # Default permissions if none presented. e.g. susan below.
    30    default_permissions: $default_user
    31  
    32    # Users listed with persmissions.
    33    users = [
    34      {user: alice, password: foo, permissions: $super_user}
    35      {user: bob,   password: bar, permissions: $req_pub_user}
    36      {user: susan, password: baz}
    37    ]
    38  }