[rabbitmq-discuss] Access Control required for RabbitMQ and Management plugin

Jerry Kuch jkuch at gopivotal.com
Fri Dec 20 06:47:25 GMT 2013


Please see:

http://www.rabbitmq.com/management.html

This may be helpful for considering the
management/policymaker/monitoring/administrator privileges that you may
want to consider when trying to do the aliveness test.

Best regards,
Headache Man



On Thu, Dec 19, 2013 at 10:43 PM, Saurabh Sharma <saurabh.infoedge at gmail.com
> wrote:

> Hi Simon,
>
> Thanks for your reply .
> I have gone through the links provided but still not able to achieve my
> goal.
> 1) i want to create a user who can make call to api for aliveness test and
> querying queues.
> i am setting permission like
>
> rabbitmqctl set_permissions -p / monitor "^(.\.aliveness-test.*)$"
> "^(.\.aliveness-test.*)$" ".*"
>
> but still getting the error that
> "error":"not_authorised","reason":"ACCESS_REFUSED - access to queue
> 'aliveness-test' in vhost '/' refused for user 'monitor'"
>
>
> can you please direct me about how to create a user with specific
> permissions on a specific resource .
>
>
>
> Thanks
> Saurabh Sharma
>
>
>
>
>
>
> On Thu, Dec 19, 2013 at 6:32 PM, Simon MacMullen <simon at rabbitmq.com>wrote:
>
>> Have you read http://www.rabbitmq.com/access-control.html and
>> http://www.rabbitmq.com/management.html#permissions?
>>
>> Cheers, Simon
>>
>>
>> On 19/12/13 12:53, Saurabh Sharma wrote:
>>
>>> Hi,
>>> I am working on an application where i want different users for
>>> different tasks.
>>> 1)I want a user who can publish/consume messages and ack/nack them but
>>> not able to create queue on server . I am able to create this user by
>>> giving read and write rights and No configure rights.
>>> How can i only define rules that i only need user to have
>>> queue.publish
>>> queue.consume
>>> queue.get
>>>
>>> (basically how to create a user only with specific commands)
>>> permissions and not the other permission .
>>>
>>> 2) I want to hit the Management plugin api for some purpose and it uses
>>> authentication.
>>> What kind of user should i create to use the api
>>> a) read only [not able to hit the api]
>>> b) read and write [not able to hit the api]
>>> c) read , write , configure [able to hit the api]
>>>
>>> if i create the aliveness-test queue on the server by a superuser , will
>>> i be able to hit the api in all other cases [if the queue exist] using a
>>> read only user.
>>>
>>>
>>>
>>> Thanks and Regards
>>> Saurabh Sharma
>>>
>>>
>>>
>>> _______________________________________________
>>> rabbitmq-discuss mailing list
>>> rabbitmq-discuss at lists.rabbitmq.com
>>> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>>>
>>>
>>
>> --
>> Simon MacMullen
>> RabbitMQ, Pivotal
>>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131219/28652c2e/attachment.html>


More information about the rabbitmq-discuss mailing list