Thanks Simon, that did the trick.<div><br></div><div>Now I'm trying to sort out why I'm seeing intermittent message loss. My subscribers are long-running processes that CONNECT and SUBSCRIBE once at start-up, so I don't think it's the same problem I've seen on the mailing list re: receipt headers. My publishers, however, are short-lived, ephemeral processes that CONNECT, SEND, and terminate. About 10% of the time these messages aren't making it to the subscribers. Does this sound like a known issue?</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Clay</div><div><br><div><br><div class="gmail_quote">On Thu, May 17, 2012 at 6:25 AM, Simon MacMullen <span dir="ltr">&lt;<a href="mailto:simon@rabbitmq.com" target="_blank">simon@rabbitmq.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 16/05/12 22:50, Clay McClure wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Howdy,<br>
</blockquote>
<br>
Hi!<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I would like to grant a user read-only access to a STOMP topic, while<br>
granting another user read-write access to that same topic. In this<br>
way, I can be assured that topic subscribers cannot also post messages<br>
to the topic. I've tried using the following permissions:<br>
<br>
rabbitmqctl set_permissions read-only-user '.*' '^$' '.*'<br>
rabbitmqctl set_permissions read-write-user '.*' '.*' '.*'<br>
<br>
which would, in my view, prevent the read-only-user from writing to<br>
any topic.<br>
</blockquote>
<br>
Yes. But it also prevents them from writing to any *queue*. Try:<br>
<br>
rabbitmqctl set_permissions read-only-user '.*' '^amq.gen.*$' '.*'<br>
<br>
to allow them to write to (i.e. bind) the queue they created.<br>
<br>
or<br>
<br>
rabbitmqctl set_permissions read-only-user '^amq.gen.*$' '^amq.gen.*$' '.*'<br>
<br>
to restrict what they can create, as well.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
However, it seems that write permission is required to bind<br>
to an exchange (<a href="http://www.rabbitmq.com/access-control.html" target="_blank">http://www.rabbitmq.com/access-control.html</a>),<br>
</blockquote>
<br>
Write permission is required to bind to an exchange as a *destination*, when using exchange-to-exchange bindings. The idea is that read permission means "bind so that I can read messages from" and write means "bind so that I can write messages to".<br>
<br>
Cheers, Simon<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
so when<br>
the read-only-user tries to SUBSCRIBE to the topic, we get:<br>
<br>
ACCESS_REFUSED - access to queue 'amq.gen-JUCwAsef2r336/uzsYwAmA==' in vhost '/' refused for user 'read-only-user'<br>
<br>
How can I grant read-only access to the topic?<br>
<br>
Thanks,<br>
<br>
Clay<br>
_______________________________________________<br>
rabbitmq-discuss mailing list<br>
<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com" target="_blank">rabbitmq-discuss@lists.rabbitmq.com</a><br>
<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss</a><span class="HOEnZb"><font color="#888888"><br>
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
-- <br>
Simon MacMullen<br>
RabbitMQ, VMware<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">Clay McClure<br>Management &amp; Booking<br>Effective Entertainment LLC<br>
404-314-1351<br><br></span><br>
</div></div>
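<div>The permission sets discussed in this thread, checked against a small model of the configure/write/read checks. This is an added example, not code from the thread or from RabbitMQ. It assumes the patterns are applied as an unanchored regex search and that a topic SUBSCRIBE declares, binds and consumes from a server-named queue on amq.topic; the queue names are constructed.</div>

```python
import re

# (configure, write, read) patterns as passed to rabbitmqctl set_permissions
# in the thread. The dictionary keys are labels invented for this example.
PERMISSIONS = {
    "read-only, write '^$'": (".*", "^$", ".*"),
    "read-only, write amq.gen": (".*", "^amq.gen.*$", ".*"),
    "read-only, configure+write amq.gen": ("^amq.gen.*$", "^amq.gen.*$", ".*"),
    "read-write": (".*", ".*", ".*"),
}
INDEX = {"configure": 0, "write": 1, "read": 2}

# Checks per AMQP operation as (permission, resource kind), following the
# access-control page linked in the thread.
OPERATIONS = {
    "queue.declare": [("configure", "queue")],
    "queue.bind": [("write", "queue"), ("read", "exchange")],
    "basic.consume": [("read", "queue")],
    "basic.publish": [("write", "exchange")],
}

# Assumption: how each STOMP frame on a topic destination maps to operations.
STOMP_FRAMES = {
    "SUBSCRIBE": ["queue.declare", "queue.bind", "basic.consume"],
    "SEND": ["basic.publish"],
}


def first_refusal(perms, frame, queue, exchange="amq.topic"):
    """Return (operation, permission, resource) for the first refused check, else None."""
    names = {"queue": queue, "exchange": exchange}
    for operation in STOMP_FRAMES[frame]:
        for permission, kind in OPERATIONS[operation]:
            pattern = perms[INDEX[permission]]
            if re.search(pattern, names[kind]) is None:
                return (operation, permission, names[kind])
    return None


def audit(queue="amq.gen-EXAMPLE"):  # constructed server-style queue name
    """Map each permission set to the first refusal (or None) per STOMP frame."""
    return {
        label: {frame: first_refusal(perms, frame, queue) for frame in STOMP_FRAMES}
        for label, perms in PERMISSIONS.items()
    }


if __name__ == "__main__":
    for label, result in audit().items():
        print(label, result)
```

<div>With write set to '^$' the refusal lands on the queue bind, which is the ACCESS_REFUSED reported above; both amq.gen variants let SUBSCRIBE through while SEND to amq.topic is still refused.</div>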