[rabbitmq-discuss] Permissions for aliveness-test user

Jean Paul Galea ninuhadida at gmail.com
Mon Nov 26 10:31:06 GMT 2012


Hi again,

I found the reason why - the user was missing a tag:

~$ rabbitmqctl set_user_tags test management

Without the tag, the user has no access to the management plugin.

The user I was testing with before had the 'monitoring' tag set, hence 
the reason why it was authenticating. Also, since the string '' maps to 
'amq\.default', the permission in affect were:

'^aliveness-test|amq\.default$'
'^aliveness-test|amq\.default$'
'^aliveness-test|amq\.default$'

So, to wrap this up - if you want to create a user with the least 
possible permission for the sole purpose of running an aliveness-test on 
the vhost '/':

rabbitmqctl add_user user pass
rabbitmqctl set_user_tags user management
rabbitmqctl set_permissions -p / user '^aliveness-test$' 
'^amq\.default$' '^aliveness-test$'



On 11/26/2012 11:10 AM, Matthias Radestock wrote:
> On 26/11/12 10:06, Jean Paul Galea wrote:
>> Yes I am certain that this works:
>>
>> >> rabbitmqctl set_permissions -p / monitoring '^aliveness-test|$'
>> >> '^aliveness-test|$' '^aliveness-test|$'
>
> That's weird.
>
>> I created a user and assigned permissions as you described, but
>> authentication failed:
>>
>> rabbitmqctl add_user test test
>> rabbitmqctl set_permissions -p / test '^aliveness-test$'
>> '^amq\.default$' '^aliveness-test$'
>>
>> rabbitmqctl stop
>> rabbitmq-server -detached
>>
>> wget --header="Authorization: Basic dGVzdDp0ZXN0" --server-response -q
>> -O - -- 'http://127.0.0.1:15672/api/aliveness-test/%2F'
>> HTTP/1.0 401 Unauthorized
>> Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
>> Date: Mon, 26 Nov 2012 09:58:31 GMT
>> Content-Length: 51
>>
>>
>> Any ideas?
>
> Check the server logs.
>
> Regards,
>
> Matthias.
>



More information about the rabbitmq-discuss mailing list