[rabbitmq-discuss] Read-only access to STOMP topic

Clay McClure clay at sseband.com
Thu May 17 16:28:52 BST 2012


Thanks Simon, that did the trick.

Now I'm trying to sort out why I'm seeing intermittent message loss. My
subscribers are long-running processes that CONNECT and SUBSCRIBE once at
start-up, so I don't think it's the same problem I've seen on the mailing
list re: receipt headers. My publishers, however, are short-lived,
ephemeral processes that CONNECT, SEND, and terminate. About 10% of the
time these messages aren't making it to the subscribers. Does this sound
like a known issue?

Thanks,

Clay


On Thu, May 17, 2012 at 6:25 AM, Simon MacMullen <simon at rabbitmq.com> wrote:

> On 16/05/12 22:50, Clay McClure wrote:
>
>> Howdy,
>>
>
> Hi!
>
>> I would like to grant a user read-only access to a STOMP topic, while
>> granting another user read-write access to that same topic. In this
>> way, I can be assured that topic subscribers cannot also post messages
>> to the topic. I've tried using the following permissions:
>>
>>     rabbitmqctl set_permissions read-only-user '.*' '^$' '.*'
>>     rabbitmqctl set_permissions read-write-user '.*' '.*' '.*'
>>
>> which would, in my view, prevent the read-only-user from writing to
>> any topic.
>>
>
> Yes. But it also prevents them from writing to any *queue*. Try:
>
> rabbitmqctl set_permissions read-only-user '.*' '^amq.gen.*$' '.*'
>
> to allow them to write to (i.e. bind) the queue they created.
>
> or
>
> rabbitmqctl set_permissions read-only-user '^amq.gen.*$' '^amq.gen.*$' '.*'
>
> to restrict what they can create, as well.
>
>> However, it seems that write permission is required to bind
>> to an exchange (http://www.rabbitmq.com/access-control.html),
>>
>
> Write permission is required to bind to an exchange as a *destination*,
> when using exchange-to-exchange bindings. The idea is that read permission
> means "bind so that I can read messages from" and write means "bind so that
> I can write messages to".
>
> Cheers, Simon
>
>
>> so when
>> the read-only-user tries to SUBSCRIBE to the topic, we get:
>>
>>     ACCESS_REFUSED - access to queue 'amq.gen-JUCwAsef2r336/uzsYwAmA==' in vhost '/' refused for user 'read-only-user'
>>
>> How can I grant read-only access to the topic?
>>
>> Thanks,
>>
>> Clay
>
>
> --
> Simon MacMullen
> RabbitMQ, VMware
>



-- 
Clay McClure
Management & Booking
Effective Entertainment LLC
404-314-1351
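
Added example (not part of the original messages, and not RabbitMQ's own code): a small Python model of the permission check discussed in this thread. It shows which operation is refused first under each `set_permissions` line quoted above, and that the suggested patterns still refuse SEND. The STOMP-to-AMQP operation mapping, the `amq.topic` exchange name and the queue name `amq.gen-EXAMPLE` are assumptions made for the illustration.

```python
import re

# Permission each AMQP operation needs, as (permission, resource kind) pairs.
# Assumed mapping, following RabbitMQ's access-control documentation.
REQUIRES = {
    "queue.declare": [("configure", "queue")],
    "queue.bind": [("write", "queue"), ("read", "exchange")],
    "basic.consume": [("read", "queue")],
    "basic.publish": [("write", "exchange")],
}

# Assumed translation of STOMP frames on a /topic destination.
STOMP = {
    "SUBSCRIBE": ["queue.declare", "queue.bind", "basic.consume"],
    "SEND": ["basic.publish"],
}

QUEUE = "amq.gen-EXAMPLE"   # constructed server-named queue
EXCHANGE = "amq.topic"      # exchange assumed to back /topic destinations


def perms(configure, write, read):
    """Same argument order as `rabbitmqctl set_permissions user conf write read`."""
    return {"configure": configure, "write": write, "read": read}


def first_refusal(acl, frame, queue=QUEUE, exchange=EXCHANGE):
    """Return None if the frame is allowed, else (operation, permission, resource)."""
    names = {"queue": queue, "exchange": exchange}
    for op in STOMP[frame]:
        for perm, kind in REQUIRES[op]:
            pattern = acl[perm] or "^$"   # an empty pattern is treated as '^$'
            # Unanchored search: the pattern's own ^ and $ do the anchoring.
            if re.search(pattern, names[kind]) is None:
                return (op, perm, names[kind])
    return None


ORIGINAL = perms(".*", "^$", ".*")                       # first attempt in the thread
BIND_ONLY = perms(".*", "^amq.gen.*$", ".*")             # first suggestion
RESTRICTED = perms("^amq.gen.*$", "^amq.gen.*$", ".*")   # second suggestion
READ_WRITE = perms(".*", ".*", ".*")                     # read-write-user

if __name__ == "__main__":
    for label, acl in [("original", ORIGINAL), ("bind-only", BIND_ONLY),
                       ("restricted", RESTRICTED), ("read-write", READ_WRITE)]:
        for frame in STOMP:
            print(label, frame, first_refusal(acl, frame) or "allowed")
```

The dots in `^amq.gen.*$` are unescaped and match any character; `^amq\.gen-.*$` is a tighter form of the same rule.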