Thanks for the info, Justin. I've created a ticket: https://issues.apache.org/jira/browse/ARTEMIS-3692
If someone points me in the right direction, I'd be willing to take a stab at a PR. On Thu, Feb 17, 2022 at 10:03 PM Justin Bertram <jbert...@apache.org> wrote: > Currently the temporary-queue-namespace is only relevant for > address-settings, not security-settings. Therefore, the only way to enforce > security settings on temporary queues is to use the match "#". I think > extending the functionality of temporary-queue-namespace to > security-settings would be worthwhile. Feel free to open a Jira [1] for > this if you like. > > > Justin > > [1] https://issues.apache.org/jira/browse/ARTEMIS > > > On Wed, Feb 16, 2022 at 4:00 PM KevinO <oneal.ke...@gmail.com> wrote: > > > Is there a way to add Role Based Security to temporary queues? So far I > get > > the error: > > > > User: myUser does not have permission='CREATE_NON_DURABLE_QUEUE' for > queue > > b9b3ac6e-8d1e-47c6-b168-495a5b35e39f on address > > b9b3ac6e-8d1e-47c6-b168-495a5b35e39f] > > > > The security setting all myUser to send and receive on its queue > specified > > as follows: > > > > <security-setting match="MYADDRESS.#"> > > > > <permission type="createNonDurableQueue" roles="amq,myRole"/> > > > > <permission type="deleteNonDurableQueue" roles="amq,myRole"/> > > > > <permission type="createDurableQueue" roles="amq"/> > > > > <permission type="deleteDurableQueue" roles="amq"/> > > > > <permission type="createAddress" roles="amq"/> > > > > <permission type="deleteAddress" roles="amq"/> > > > > <permission type="consume" roles="amq,myRole"/> > > > > <permission type="browse" roles="amq,myRole"/> > > <permission type="send" roles="amq,myRole"/> > > <!-- we need this otherwise ./artemis data imp wouldn't work > > --> > > <permission type="manage" roles="amq"/> > > </security-setting> > > > > I've tried setting > > <temporary-queue-namespace>TEMP</temporary-queue-namespace>, and then > added > > security-settings to allow myRole access, but to no great success. > > > > Any alternate recommendation on how to accomplish the request/reply > pattern > > would also be appreciated. > > >
