Topic permissions do not have any effect on the default exchange #3849

Swierkowski · 2021-12-03T16:08:10Z

Swierkowski
Dec 3, 2021

I want to limit the access for a given user. I want this user to be able to use only the default exchange. Moreover I want him to use default exchange only with specified routing key.

Setting permission is working as expected. It limits to default exchange.

My expectation is that topic permission will cause the routing key limitation, but it isn't.

I start rabbitmq using docker:
docker run -it --rm --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.9-management

My user permissions:

Answered by michaelklishin

Dec 3, 2021

Topic permissions by definition won't apply to the default exchange because, well, it's of type direct. Topic permissions only apply to topic exchanges, and require a topic exchange when declared. There are no permissions for routing keys.

View full answer

michaelklishin · 2021-12-03T16:28:42Z

michaelklishin
Dec 3, 2021
Maintainer

I will convert this issue to a GitHub discussion. Currently GitHub will automatically close and lock the issue even though your question will be transferred and responded to elsewhere. This is to let you know that we do not intend to ignore this but this is how the current GitHub conversion mechanism makes it seem for the users :(

0 replies

michaelklishin · 2021-12-03T16:29:49Z

michaelklishin
Dec 3, 2021
Maintainer

Topic permissions by definition won't apply to the default exchange because, well, it's of type direct. Topic permissions only apply to topic exchanges, and require a topic exchange when declared. There are no permissions for routing keys.

1 reply

Swierkowski Dec 3, 2021
Author

@michaelklishin thanks for your clarification.

It is misleading that when you define topic permission in UI you can choose all kind of exchanges and the first one is the default exchange. Moreover, there is no error when you define topic permission with direct exchange.

darraghjones · 2023-02-14T12:24:04Z

darraghjones
Feb 14, 2023

Does this mean it's not possible to achieve what the OP wants?

0 replies

davidmwhynot · 2024-03-31T20:38:02Z

davidmwhynot
Mar 31, 2024

Why not make it possible to add the routing key to the exchange resource permissions checks? You're right that, in most cases, you should just use a topic exchange but if, for some reason, I need to allow a particular user to write to the default exchange that user now has direct write access to every queue because of the implicit binding that exists between all queues and the default exchange.
The only example I can think of right now is an RPC server user that needs to utilize the direct-reply-to functionality.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Topic permissions do not have any effect on the default exchange #3849

Uh oh!

{{title}}

Uh oh!

Replies: 4 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Topic permissions do not have any effect on the default exchange #3849

Uh oh!

Swierkowski Dec 3, 2021

Replies: 4 comments · 1 reply

Uh oh!

michaelklishin Dec 3, 2021 Maintainer

Uh oh!

michaelklishin Dec 3, 2021 Maintainer

Uh oh!

Swierkowski Dec 3, 2021 Author

Uh oh!

darraghjones Feb 14, 2023

Uh oh!

davidmwhynot Mar 31, 2024

Swierkowski
Dec 3, 2021

Replies: 4 comments 1 reply

michaelklishin
Dec 3, 2021
Maintainer

michaelklishin
Dec 3, 2021
Maintainer

Swierkowski Dec 3, 2021
Author

darraghjones
Feb 14, 2023

davidmwhynot
Mar 31, 2024