Greetings,<div><br></div><div>I was curious how granular you get set permissions using the rabbit_auth_backend_ldap plugin? Is it possible to define permissions to a particular vhost/exchange/queue explicitly defining these resources and the AD groups that have access to them in the config? Our current use case is defining static exchanges and queues and restricting access to those resources via AD groups that would grant developers and service accounts access per development group. We will have a number of applications that will push messages to the exchanges, with another set of applications consuming these messages via their own queue. We would ideally restrict access to each queue per it's defined app, likewise for the exchanges.</div>
<div><br></div><div>It looks like this achievable fairly easily using the baked in user accounts, can this be defined for LDAP groups/users and resources?</div><div><br></div><div>It was discussed some here, <a href="http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html">http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html</a>, which shows how to match queue to a username. Is it not possible for group membership or explicitly defining the resource and group?</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Jared</div>