I am having a bit of a problem setting permission for my queues.
I want to have an account that can only subscribe and consume messages from a specific queue, without the possibility to publish to this queue.
In my tests I can only achieve that giving the ownership of the queue to this account. Is this the correct approach? In my mind would make more sense to obtain this by using the client profiles and acl profiles, but at least with what I tried I cannot achieved that.
What is the correct approach here?
Hi @joaorr13 ,
The permission setup for publishing and for consuming from a queue is a bit different.
For publishing, you need permissions granted from ACL profile. (and there you can not only list typical topics as “a/b/c/>”, but also queues via a “dummy topic” #P2P/QUE/.
To allow a client to CONSUME from a queue, there are 2 relevant parameters to set in queue ocnfig:
“owner of the queue”… Typically you set your application client-username here
“Other permissions”: What can all other client-usernames (that are NOT owner of the queue) do ? Typically that is configured to “none”.
For your setup, most probably you need to setup the owner of the queue to your client-username and the “other permissions” to none.
Oh, there was something cut of my text.
The dummy topic to publish directly to a queue is #P2P/QUE/abc where “abc” is the queue-name.
So I can’t use that “dummy” topic to setup up the ACL for the subscriber right? For example in the ACL for my subscriber user if I put #P2P/QUE/myqueue in the Subscribe Topic tab it wouldn’t work.
No. The queue topic is not usable in the subscribe-ACL.
1 Like