<div>I wanted to see what the current thinking about the state of ACL's in RabbitMQ are. I've been trying to lock down my clusters and have run into some quirks:</div><div><br></div><div>We've looked at doing passive queue declares to get queue depths for alerting, reporting and auto-scaling of our consumers. Unfortunately passive queue declares appear to require configure access. I can see why queue.declare requires this but passive commands perhaps should have a different bit setting?</div>
<div><br></div><div>Another one that seems a bit strange is in order to acknowledge message receipt (i.e. Basic.Ack) it appears that one has to have the write permission set for the given user+queue. I wanted to lock consumers to read and publishers to write but at least in the case of consuming without using autoAck, this is not possible.</div>
<div><br></div><div>In addition, we are currently doing all of our monitoring via the Management Plugin's API. Unfortunately to get any data, the user calling the API to list information requires administration access. I'd love to be able to let Nagios/Your_Monitoring_Solution_Here poll the Rabbit node and get data without giving it access to change all of the configuration state and remove users.</div>
<div><br></div><div>Are there any changes related to these areas planned for future releases?</div><div><br></div><div>Regards,</div><div><br></div><div>Gavin</div>