[rabbitmq-discuss] Write access required to read from queue?

Steve Valaitis steve at digitalnothing.com
Mon Jul 1 20:26:16 BST 2013

My question is similar to what was being asked in this thread a year
and a half ago:

I want certain users that are authenticated to be able to be able to
create transient queues to read from specific exchanges. What I have
had to do for permissions to get things working is something like the

app_user1 "^amq.gen-.*" "^amq.gen-.*" "^public.*|^amq.gen-.*"

Why do I have to give write permissions to amq.gen? The user isn't
actually writing to the queue, but if I leave write perms empty I get
ACCESS_REFUSED. Is it because of the need to acknowledge? If so,
shouldn't that be automatic with read access?

I'm using the Ruby Bunny client. I have tried specifying `:ack =>
true` and leaving it blank, which I believe should auto-ack, but that
doesn't change anything.

Also, can I prevent durable queues from being created by these users?


More information about the rabbitmq-discuss mailing list