[rabbitmq-discuss] access control
PATAR, SAGAR
sp345s at att.com
Mon Nov 18 17:16:49 GMT 2013
I have a topic "demo.account.topic" and 2 users "demo" and "test".. configured on rabbitMQ 3.1.5
For "demo" user the permission expression for configure, read, write - "demo.*"
For "test" user the permission expression for configure, read, write - "test.*"
I have a ConfirmCallback configured.. When sending messages using user "demo" on "demo.account.topic" exchange I see confirm method being called back and also see the spike on message rate in the management console ...GOOD ...
but when I use "test" user .. I don't see any exception and it just hangs there .. no spike on the console and no confirm method was called back ... NOT sure but I was expecting an exception when "test" user was trying to send a message as he doesn't have access too ..
When read the messages ..using "demo" user on "demo.account.topic" exchange ..I see a channel exception and on console the channel count is "0" with permission expression for configure, read, write - "demo.*"
channel error; reason: {#method<channel.close>(reply-code=404, reply-text=NOT_FOUND - no queue '8c39360e-0d72-436a-9de2-c06f6a5cec58' in vhost '/', class-id=50, method-id=10), null, ""}
When I change the configure permission to ".*" and leave the read and write to "demo.*" .. Below is exception but was able to see a new dynamic queue created in the console with no binding .. channel count is "1" on console ..
channel error; reason: {#method<channel.close>(reply-code=403, reply-text=ACCESS_REFUSED - access to queue 'bb771ff2-67ea-452e-a98f-163467469af9' in vhost '/' refused for user 'dlcore', class-id=60, method-id=20), null, ""}
When I change the configure, write permission to ".*" and leave the read to "demo.*" .. Below is the exception but was able to see a new dynamic queue created in the console with binding and messages were flowing through this queue ..but the consumer was not able to consume them ..
channel error; reason: {#method<channel.close>(reply-code=403, reply-text=ACCESS_REFUSED - access to queue '65eda6e4-1ec0-482e-93e5-fd0d247412b4' in vhost '/' refused for user 'dlcore', class-id=60, method-id=20), null, ""}
My requirement is to be able to configure new queues dynamically and consume the message based on the permissions.. I am using the management console to set Permissions ..
Appreciate all the help ..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131118/465499b0/attachment.htm>
More information about the rabbitmq-discuss
mailing list