[rabbitmq-discuss] User permission

Matthias Radestock matthias at rabbitmq.com
Thu May 30 13:52:16 BST 2013

On 29/05/13 11:13, Slyth wrote:
> I think there has to be a better solution or not?
> Is it the best solution that I need for every user a new vhost or is it
> better to use one vhost and use regex to manage the access?
> Would you use the same solution?

The answer, as is so often the case, is "it depends".

The main downside to a set up with lots of vhosts is that a) messages 
cannot get routed to multiple vhost, and b) any client that needs access 
to multiple vhosts requires a separate connection to each.

 From the little you have told us about the requirements, (a) is not 
really an issue, since it appears that your applications will only ever 
send messages to their "own" queue and the single 'special' queue..

But (b) might bite you. In particular, you stated that "I should have 
full access (c+w+r) [to all queues]", which implies that there is some 
privileged users that needs to be able to work across all the user 
queues. With the vhost-per-user design that would require that user to 
establish one connection per user, which is tedious and resource consuming.


More information about the rabbitmq-discuss mailing list