[rabbitmq-discuss] Read-only access to STOMP topic

Simon MacMullen simon at rabbitmq.com
Thu May 17 11:25:57 BST 2012


On 16/05/12 22:50, Clay McClure wrote:
> Howdy,

Hi!

> I would like to grant a user read-only access to a STOMP topic, while
> granting another user read-write access to that same topic. In this
> way, I can be assured that topic subscribers cannot also post messages
> to the topic. I've tried using the following permissions:
>
>      rabbitmqctl set_permissions read-only-user '.*' '^$' '.*'
>      rabbitmqctl set_permissions read-write-user '.*' '.*' '.*'
>
> which would, in my view, prevent the read-only-user from writing to
> any topic.

Yes. But it also prevents them from writing to any *queue*. Try:

rabbitmqctl set_permissions read-only-user '.*' '^amq.gen.*$' '.*'

to allow them to write to (i.e. bind) the queue they created.

or

rabbitmqctl set_permissions read-only-user '^amq.gen.*$' '^amq.gen.*$' '.*'

to restrict what they can create, as well.

> However, it seems that write permission is required to bind
> to an exchange (http://www.rabbitmq.com/access-control.html),

Write permission is required to bind to an exchange as a *destination*, 
when using exchange-to-exchange bindings. The idea is that read 
permission means "bind so that I can read messages from" and write means 
"bind so that I can write messages to".

Cheers, Simon


> so when
> the read-only-user tries to SUBSCRIBE to the topic, we get:
>
>      ACCESS_REFUSED - access to queue 'amq.gen-JUCwAsef2r336/
> uzsYwAmA==' in vhost '/' refused for user 'read-only-user'
>
> How can I grant read-only access to the topic?
>
> Thanks,
>
> Clay


-- 
Simon MacMullen
RabbitMQ, VMware
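
The permission sets discussed in this thread, run through a small offline model of the broker's checks. This is an added example, not part of the original messages and not RabbitMQ code. It assumes that a STOMP SUBSCRIBE to a topic becomes queue.declare, queue.bind and basic.consume, that SEND becomes basic.publish, and that topics route through the amq.topic exchange; the queue name is constructed.

```python
import re

# Permission checks RabbitMQ applies per AMQP operation, following the
# access-control page linked in the thread: (permission, resource kind).
CHECKS = {
    "queue.declare": [("configure", "queue")],
    "queue.bind":    [("write", "queue"), ("read", "exchange")],
    "basic.consume": [("read", "queue")],
    "basic.publish": [("write", "exchange")],
}
SUBSCRIBE = ["queue.declare", "queue.bind", "basic.consume"]  # assumed mapping
SEND = ["basic.publish"]                                      # assumed mapping

def perms(configure, write, read):
    """Same argument order as `rabbitmqctl set_permissions user conf write read`."""
    return {"configure": configure, "write": write, "read": read}

def first_denied(p, ops, queue, exchange="amq.topic"):
    """Return (operation, permission, resource) of the first refusal, or None."""
    names = {"queue": queue, "exchange": exchange}
    for op in ops:
        for perm, kind in CHECKS[op]:
            # Patterns are searched unanchored, hence the explicit ^...$
            # in the thread's patterns.
            if not re.search(p[perm], names[kind]):
                return (op, perm, names[kind])
    return None

QUEUE = "amq.gen-EXAMPLE"  # constructed server-generated queue name
ORIGINAL = perms(".*", "^$", ".*")                      # Clay's first attempt
BIND_ONLY = perms(".*", "^amq.gen.*$", ".*")            # Simon's first suggestion
RESTRICTED = perms("^amq.gen.*$", "^amq.gen.*$", ".*")  # Simon's second suggestion
READ_WRITE = perms(".*", ".*", ".*")

if __name__ == "__main__":
    for label, p in [("original", ORIGINAL), ("bind-only", BIND_ONLY),
                     ("restricted", RESTRICTED), ("read-write", READ_WRITE)]:
        print(label, "SUBSCRIBE:", first_denied(p, SUBSCRIBE, QUEUE),
              "SEND:", first_denied(p, SEND, QUEUE))
```

With the original permissions the model refuses SUBSCRIBE at queue.bind (write on the queue), which matches the ACCESS_REFUSED error quoted in the thread; with either suggested set SUBSCRIBE passes and SEND to amq.topic is still refused.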

