<div>I wanted to see what the current thinking about the state of ACL's in RabbitMQ are. I've been trying to lock down my clusters and have run into some quirks:</div><div><br></div><div>We've looked at doing passive queue declares to get queue depths for alerting, reporting and auto-scaling of our consumers. Unfortunately passive queue declares appear to require configure access. I can see why queue.declare requires this but passive commands perhaps should have a different bit setting?</div>
<div><br></div><div>Another one that seems a bit strange is in order to acknowledge message receipt (i.e. Basic.Ack) it appears that one has to have the write permission set for the given user+queue. I wanted to lock consumers to read and publishers to write but at least in the case of consuming without using autoAck, this is not possible.</div>
<div><br></div><div>In addition, we are currently doing all of our monitoring via the Management Plugin's API. Unfortunately to get any data, the user calling the API to list information requires administration access.�I'd love to be able to let Nagios/Your_Monitoring_Solution_Here poll the Rabbit node and get data without giving it access to change all of the configuration state and remove users.</div>
<div><br></div><div>Are there any changes related to these areas planned for future releases?</div><div><br></div><div>Regards,</div><div><br></div><div>Gavin</div>