1

We're looking to limit the power our projects have over manipulating our Azure Service Bus.

Currently all projects have visibility of all topics and queues, is there a way for a single service bus to have multiple shared access keys which give visibility to certain topics and queues?

For example:

  • Service Bus A
    • Topic A
      • Queue AA
      • Queue AB
    • Topic B
      • Queue BA
      • Queue BB

Service Bus A should have two shared access policies

  • Policy A gives access to Topic A, Queue AA and Queue AB
  • Policy B gives access to Topic B, Queue BA and Queue BB

In this scenario we could give Policy A to Project A and Policy B to Project B.

Nick Spicer
  • 2,279
  • 3
  • 21
  • 26
  • Could you elaborate? Do you want to have a single client to use multiple keys or multiple clients with a dedicated key? – Sean Feldman Jul 12 '17 at 15:05
  • Elaborated original question, cheers. But to answer your question it could be both. We want to control what the project sees in the same way you would control a DB users access to tables and procedures. – Nick Spicer Jul 12 '17 at 15:13

1 Answers1

1

According to the Documentation you can have up to 12 rules per SB namespace, queue or topic. The rules can either give Send, Listen or Manage permissions.

The documentation & samples for what I think you are trying to achieve is here: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas

This includes a table at the end which lists the permissions required for each operation

HTH

Ian
  • 249
  • 1
  • 8
  • 1
    ^Correct. More succinctly put: Each queue or topic can have it's own set of Shared Access Keys (Permissions) - you can give out these keys to the services that need them, reducing their access footprint. – Porschiey Jul 12 '17 at 16:29