[rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to
Matthias Radestock
matthias at rabbitmq.com
Sat Sep 3 06:00:52 BST 2011
Bill,
On 02/09/11 16:14, Bill Gerrard wrote:
> Testing permissions and discovered user is able to publish to queue that
> he does not have write permission to.
Technically there is no such thing as publishing to a queue; one always
publishes to an exchange. Though the default exchange helps create the
illusion that one can publish to a queue.
As per http://www.rabbitmq.com/admin-guide.html#access-control,
publishing only requires write permissions on the exchange.
Depending on what exactly you want to do, one option might be to
1) create one fanout exchange per queue, named after the queue, binding
the queue to that exchange, and
2) prohibit write access to the default exchange, and
3) get publishers to publish to the per-queue fanout exchanges, and
4) restrict write access to the fanout exchanges in order to control who
can "publish" to what queue
Regards,
Matthias.
More information about the rabbitmq-discuss
mailing list