[rabbitmq-discuss] RabbitMQ ACL suggestions?

Matthias Radestock matthias at rabbitmq.com
Wed Jun 29 23:29:04 BST 2011


Gavin,

On 29/06/11 23:17, Gavin M. Roy wrote:
> We've looked at doing passive queue declares to get queue depths for
> alerting, reporting and auto-scaling of our consumers. Unfortunately
> passive queue declares appear to require configure access. I can see why
> queue.declare requires this but passive commands perhaps should have a
> different bit setting?

That will change in the next release - passive declare won't require any 
permissions. The code change for that is already on 'default'.

> Another one that seems a bit strange is in order to acknowledge message
> receipt (i.e. Basic.Ack) it appears that one has to have the write
> permission set for the given user+queue.

That can't be right. basic.ack requires no permissions whatsoever.

> In addition, we are currently doing all of our monitoring via the
> Management Plugin's API. Unfortunately to get any data, the user calling
> the API to list information requires administration access. I'd love to
> be able to let Nagios/Your_Monitoring_Solution_Here poll the Rabbit node
> and get data without giving it access to change all of the configuration
> state and remove users.

Again, that should change in the next release. The code for it is going 
through qa atm.


Regards,

Matthias.


More information about the rabbitmq-discuss mailing list