[rabbitmq-discuss] RabbitMQ ACL suggestions?

Gavin M. Roy gmr at myyearbook.com
Wed Jun 29 23:31:00 BST 2011


On Wed, Jun 29, 2011 at 6:29 PM, Matthias Radestock
<matthias at rabbitmq.com>wrote:

>
> On 29/06/11 23:17, Gavin M. Roy wrote:
>
>> We've looked at doing passive queue declares to get queue depths for
>> alerting, reporting and auto-scaling of our consumers. Unfortunately
>> passive queue declares appear to require configure access. I can see why
>> queue.declare requires this but passive commands perhaps should have a
>> different bit setting?
>>
>
> That will change in the next release - passive declare won't require any
> permissions. The code change for that is already on 'default'.


Great :)


> Another one that seems a bit strange is in order to acknowledge message
>> receipt (i.e. Basic.Ack) it appears that one has to have the write
>> permission set for the given user+queue.
>>
>
> That can't be right. basic.ack requires no permissions whatsoever.


Hmm ok, will take a look then, I could be thinking of something else then,
it's been fuzzy sitting in the back of my head on my "to send an email
about" list when I came across the passive declare bit today when locking
that down.


> In addition, we are currently doing all of our monitoring via the
>> Management Plugin's API. Unfortunately to get any data, the user calling
>> the API to list information requires administration access. I'd love to
>> be able to let Nagios/Your_Monitoring_**Solution_Here poll the Rabbit
>> node
>> and get data without giving it access to change all of the configuration
>> state and remove users.
>>
>
> Again, that should change in the next release. The code for it is going
> through qa atm.
>

Awesome, thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110629/cc4d0633/attachment.htm>


More information about the rabbitmq-discuss mailing list