RabbitMQ setting user permissions

nate

Mar 14, 2017, 12:38:13 PM
to rabbitmq-users
Hi,

I have RabbitMQ running on the production server with only one queue (Queue-A) with the default exchange. Currently I have one user with admin privileges.
Now I need to create a new queue (Queue-B) and a user with publish-only permissions to this queue. This new user cannot delete or consume messages from this queue. How can I create this new queue and the user without affecting the operation of Queue-A? Do I have to create a new exchange and queue? I went through the documentation but I am not sure about the permissions. Please let me know.

Thanks for any help.

Michael Klishin

Mar 14, 2017, 1:08:17 PM
to rabbitm...@googlegroups.com, nate
You need to use `rabbitmqctl set_permissions` to grant UserB full permissions on QueueB
and at most only write (configure allows for deletion, read allows for consumption) permissions on QueueA.
If I were you I'd restrict UserB from doing anything with QueueA and then see if you actually need
to grant write permissions for anything.

A wiser idea is to not fixate on just one queue but rather fix a queue name prefix for each user,
e.g. instead of

rabbitmqctl set_permissions -p / user_b "queue_b" "queue_b" "queue_b"

do something like

rabbitmqctl set_permissions -p / user_b "group_b\.*" "group_b\.*" "group_b\.*"

and name your UserB queue(s) "group_b.something-meaningful", "group_b.something-else" and so on.

Since you won't be modifying the administrative user's permissions, I cannot think of
a way that can affect QueueA operations.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ
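
An added example, not part of the original thread or of RabbitMQ's tooling: it checks which resource names each permission pattern from the reply above would cover before the pattern is handed to `rabbitmqctl set_permissions`. It assumes the broker applies each pattern as an unanchored regular-expression search (reproduced here with `grep -E`); the sample names and the anchored `^group_b\..*$` variant are constructed for comparison and do not come from the thread.

```shell
#!/usr/bin/env bash
# Added example: compare permission patterns against constructed names.
# Assumption: each pattern is applied as an unanchored regex search,
# which `grep -E` reproduces for these simple patterns.

# Constructed sample resource names (not taken from a real broker).
SAMPLE_NAMES='group_b.test-11
group_b.orders
group_b
group_backup
not_group_b.audit
queue_b
old_queue_b
Queue-A'

# Print the sample names that a given permission pattern would match.
matched_names() {
    printf '%s\n' "$SAMPLE_NAMES" | grep -E -- "$1" || true
}

# Return 0 if the pattern matches the single name, 1 otherwise.
perm_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# The exact-name and prefix patterns as written in the thread, plus an
# anchored variant (hypothetical, not from the thread) for comparison.
EXACT='queue_b'
PREFIX='group_b\.*'
ANCHORED='^group_b\..*$'

# Show, per pattern, which names a user holding it could act on.
report() {
    for p in "$EXACT" "$PREFIX" "$ANCHORED"; do
        printf 'pattern %s matches:\n' "$p"
        matched_names "$p" | sed 's/^/  /'
    done
}

report
```

Under that assumption, `group_b\.*` reads as "group_b followed by zero or more literal dots, anywhere in the name", so it also covers names such as `group_backup`, while the anchored variant covers only names that start with `group_b.`.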


nate

Mar 14, 2017, 1:56:41 PM
to rabbitmq-users, nram...@gmail.com
Thank you. Do I need to create a new exchange before creating a new queue (Queue-B), or should the default exchange be enough? I might need to add more users and queues in the future.

Michael Klishin

Mar 14, 2017, 1:59:47 PM
to rabbitm...@googlegroups.com
Since you are looking to limit consumption and deletion, I don't see a real need
for a separate exchange.

nate

Mar 23, 2017, 11:40:59 AM
to rabbitmq-users
I created the following user 'user_b' and the queue 'group_b.test-11'.

I am trying to set permissions so that 'user_b' can only have access to the 'group_b.test-11' queue.

I tried to set permissions using the following command. I am getting 'Error: Invalid command'. Please let me know if I am doing it right.

rabbitmqctl set_permissions -p / user_b "group_b\.*" "group_b\.*" "group_b\.*"

Thanks for the help.
Michael Klishin

Mar 23, 2017, 11:49:25 AM
to rabbitm...@googlegroups.com
Would you post the entire error (e.g. a shell transcript), please? The command looks OK
but I cannot suggest much from a single line (why is a single line considered to be an acceptable
way to report errors in our industry anyway?)

nate

Mar 23, 2017, 1:29:16 PM
to rabbitmq-users
It works after adding a space between "/" and "user_b". There was no space before. 