RabbitMQ Scope/Permissions Meanings #10365
-
|
Hi All, I have seen some answers in other forums but unfortunately for a RabbitMQ novice, they don't always make sense, so im hoping to get some further clarification. Currently we use the provider CloudAMQP via Azure Marketplace to host our RabbitMQ instance. In order to log in to the Managamnet UI using the traditional username/password, i have connected our RabbitMQ instance to our AzureAD. So when the management console is loaded, the user authenticates with their AzureAD account. This is working well in our test environment and i have given the following roles to myself + Description of what i understand what that role is: Management UI Admin (Application_ID.tag:administrator) Configure All Vhosts (Application_ID.configure:/) Read Access to All Vhosts (Application_ID.read:/) Write Access to All Vhosts (Application_ID.write:/) I have used the below two URL's to help configure RabbitMQ and AzureAD When testing, i found that simply giving Management UI Admin (Application_ID.tag:administrator) was not enough and i had to give the other three permissions. So currently i have all 4. But it is my understand that logically i should either have Management UI Admin OR configure, read and write to be able to do everything an Admin can. Is someone able to confirm what the right roles are? should it be just Management UI Admin OR configure, read and write OR all 4? Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Tags are orthogonal to permissions and only control what users have access to the HTTP API, and what parts of it. Permissions control what messaging protocol operations on what specific resources are allowed (specifically build around AMQP 0-9-1's idea of permissions since it was RabbitMQ's original protocol). HTTP API is not a messaging protocol. |
Beta Was this translation helpful? Give feedback.
Tags are orthogonal to permissions and only control what users have access to the HTTP API, and what parts of it.
Permissions control what messaging protocol operations on what specific resources are allowed (specifically build around AMQP 0-9-1's idea of permissions since it was RabbitMQ's original protocol). HTTP API is not a messaging protocol.