I added a user in RabbitMQ and edited the permissions to read ".*" in the RabbitMQ admin console.

The output of the command list_permissions shows that the user "readman" only has read permissions.

```
$ rabbitmqctl list_permissions --vhost /
Listing permissions for vhost "/" ...
user    configure       write   read
admin          .*      .*      .*
guest           .*      .*      .*
readman                         .*
```

However, I can still purge messages from the queue when logged in as "readman". Is this expected? How can I enable a user to view the queues and messages, but not to purge the queues' messages?

Shankar

1 Answer

Yes, this is expected, since as per the permission table the AMQP (0-9-1) operation for queue.purge requires only READ permission on the queue, so any user who has read permission on a queue will be able to purge that queue as well.

Soumen Mukherjee
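The mapping the answer describes can be checked against a permission listing. The following is an added example, not code from the question, the answer or RabbitMQ itself: it encodes the queue rows of RabbitMQ's access-control table and reports which queue operations each user's configure/write/read patterns allow. The sample listing is constructed to mirror the question, and the queue name `orders` is hypothetical.

```python
import re

# Permission each AMQP 0-9-1 method needs on a *queue*, per the
# RabbitMQ access-control table the answer refers to (queue rows only).
QUEUE_OPS = {
    "queue.declare": "configure",
    "queue.delete": "configure",
    "queue.bind": "write",      # also needs read on the exchange
    "queue.unbind": "write",    # also needs read on the exchange
    "basic.get": "read",
    "basic.consume": "read",
    "queue.purge": "read",      # same permission as consuming
}

# Constructed sample mirroring the question's vhost "/", tab-separated
# as `rabbitmqctl list_permissions` prints its columns.
SAMPLE = (
    "user\tconfigure\twrite\tread\n"
    "admin\t.*\t.*\t.*\n"
    "guest\t.*\t.*\t.*\n"
    "readman\t\t\t.*\n"
)

def parse_permissions(text):
    """Return {user: {"configure": pat, "write": pat, "read": pat}}."""
    rows = [line.split("\t") for line in text.splitlines() if line]
    header, body = rows[0], rows[1:]
    return {r[0]: dict(zip(header[1:], r[1:])) for r in body}

def granted(pattern, resource):
    # An empty pattern is a synonym for '^$': it matches no named resource.
    # Unanchored search is assumed, as in the documented '^...$' patterns.
    return re.search(pattern or "^$", resource) is not None

def allowed_ops(perms, queue):
    """Queue operations the permission triple allows on `queue`."""
    return sorted(op for op, kind in QUEUE_OPS.items()
                  if granted(perms[kind], queue))

def users_who_can_purge(text, queue):
    return sorted(user for user, p in parse_permissions(text).items()
                  if "queue.purge" in allowed_ops(p, queue))

if __name__ == "__main__":
    perms = parse_permissions(SAMPLE)
    print(allowed_ops(perms["readman"], "orders"))
    print(users_who_can_purge(SAMPLE, "orders"))
```

For `readman` the result contains `basic.get`, `basic.consume` and `queue.purge` together, because all three depend on the same read pattern.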