[rabbitmq-discuss] How to grant only read access to a specific STOMP queue?

joshua__lim joshua__lim at hotmail.com
Sat Feb 22 16:35:53 GMT 2014


Michael Klishin-2 wrote
> On 21 Feb 2014, at 07:09, Joshua Lim <

> joshua__lim@

> > wrote:
> 
>> Is there a way to grant a user read permission to only a specific queue? 
>> I would greatly appreciate any pointers.
> 
> From rabbitmqctl help:
> 
> set_permissions [-p 
> <vhostpath>
> ] 
> <user>
>  
> <conf>
>  
> <write>
>  
> <read>
> So, using your example
> 
> rabbitmqctl set_permissions guest ".*” ".*” "testqueue".
> 
> MK


Hi Michael, thanks.  I did a retest again, it appears that I'm able to read
from "testqueue" even if <write> is set to "^$”.

rabbitmqctl set_permissions guest ".*" "^$" "testqueue"


I think I must have messed up my earlier test.


Now, if I need to allow the guest user to have both read and publish
permission to "testqueue", what must I do?

I tried the following but it doesn't work and I get a processing error:

rabbitmqctl set_permissions guest ".*" "testqueue" "testqueue"

=ERROR REPORT==== 23-Feb-2014::00:27:06 ===
connection <0.545.0>, channel 1 - soft error:
{amqp_error,access_refused,
            "access to exchange 'amq.default' in vhost '/' refused for user
'guest'",
            'basic.publish'}


Then I tried:

rabbitmqctl set_permissions guest ".*" "amq.default" "testqueue"


This time it worked but it also means the guest user can publish to all
queues!  Is there a way to restrict publishing to a specific queue?



--
View this message in context: http://rabbitmq.1065348.n5.nabble.com/How-to-grant-only-read-access-to-a-specific-STOMP-queue-tp33549p33573.html
Sent from the RabbitMQ mailing list archive at Nabble.com.


More information about the rabbitmq-discuss mailing list