[rabbitmq-discuss] Issue: user is able to publish to queue that he does not have write permission to

Matthias Radestock matthias at rabbitmq.com
Sat Sep 3 06:00:52 BST 2011


Bill,

On 02/09/11 16:14, Bill Gerrard wrote:
> Testing permissions and discovered user is able to publish to queue that
> he does not have write permission to.

Technically there is no such thing as publishing to a queue; one always 
publishes to an exchange. Though the default exchange helps create the 
illusion that one can publish to a queue.

As per http://www.rabbitmq.com/admin-guide.html#access-control, 
publishing only requires write permissions on the exchange.

Depending on what exactly you want to do, one option might be to

1) create one fanout exchange per queue, named after the queue, binding 
the queue to that exchange, and

2) prohibit write access to the default exchange, and

3) get publishers to publish to the per-queue fanout exchanges, and

4) restrict write access to the fanout exchanges in order to control who 
can "publish" to what queue


Regards,

Matthias.


More information about the rabbitmq-discuss mailing list