[rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to

• Previous message: [rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to
• Next message: [rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bill,

On 02/09/11 16:14, Bill Gerrard wrote:
> Testing permissions and discovered user is able to publish to queue that
> he does not have write permission to.

Technically there is no such thing as publishing to a queue; one always 
publishes to an exchange. Though the default exchange helps create the 
illusion that one can publish to a queue.

As per http://www.rabbitmq.com/admin-guide.html#access-control, 
publishing only requires write permissions on the exchange.

Depending on what exactly you want to do, one option might be to

1) create one fanout exchange per queue, named after the queue, binding 
the queue to that exchange, and

2) prohibit write access to the default exchange, and

3) get publishers to publish to the per-queue fanout exchanges, and

4) restrict write access to the fanout exchanges in order to control who 
can "publish" to what queue


Regards,

Matthias.

• Previous message: [rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to
• Next message: [rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]