Hi people, hope your doing fine!
I am pretty new to Active MQ.. Never worked with "classic" or artemis before.
I run a simple artemis-2.17.0-Instance and I am really struggling setting up a
"read-only-user" for the web-console:
What i did so far:
- As Admin-User I successfully run a "artemis producer" via. cli to create some
messages to the TEST-Queue
- If I login to the web-console as Admin I can see all queues and I can browse
the queues successfully
For setting up the read-only-user i made the following steps and modifications:
- I added a user "view" with the role "view" via. artemis-cli
- artemis.profile changed to:
HAWTIO_ROLE='amq,view'
- management.xml:
[...]
<role-access>
<match domain="org.apache.activemq.artemis">
<access method="list*" roles="amq,view"/>
<access method="get*" roles="amq,view"/>
<access method="is*" roles="amq"/>
<access method="set*" roles="amq"/>
<access method="*" roles="amq"/>
</match>
<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
</match>
I can login as user "view" and I can see an overview/list of all queues, but I
cant browse the queues.
If I change the line in <match domain="org.apache.activemq.artemis"
key="subcomponent=queues">
From
<access method="*" roles="amq"/>
to
<access method="*" roles="amq,view"/>
then I can browse the queues, but I am also able to delete messages.
As far as i understand the method "*" is a catch-all for methods other than
"list*", "get*", etc.
But I dont know what there are for other methods, I cant find any information
in artemis-documentation and google really dont help...
Help me obi wan kenobi you're my only hope!
Thanks and Best Regards
Benjamin
