2

I found the steps online to add/create a new user on rabbitmq, example doc

But my internal team has got a special requirement to allow that user access only some specific services/queues under the virtual host /

Right, now, the user I created has access to all queues under virtual host /

Suppose, if we need to change their permission to access only specific queues/services say cart-order1, cart-order2, cart-order3 under virtual host /, how do we do that?.

vjwilson
  • 754
  • 2
  • 14
  • 30

1 Answers1

5

You can grant a user config, write, read permissions to queues using regex to match the queues. This can be done in the web management interface or using the cli rabbitmqctl. For example, something like this:

rabbitmqctl set_permissions -p "/" "username" "^cart-order.*" "^cart-order.*" "^cart-order.*"

See documentation here: https://www.rabbitmq.com/access-control.html

Chad Knutson
  • 351
  • 1
  • 4
  • Thank you. May I know what these 3 fields indicate after "username"?. Just cart-order1, cart-order2, cart-order3 => "^cart-order.*" "^cart-order.*" "^cart-order.*" or something else in that order?. – vjwilson Jan 06 '22 at 20:45
  • Sure. They are reg expressions that determine pattern names that user is allowed to (1) config, (2) write, and (3) read. So, let's say you want this user to only read from these queues, you could do rabbitmqctl set_permissions -p "/" "username" "$^" "$^" "^cart-order.*" – Chad Knutson Jan 06 '22 at 20:51
  • Thanks again, Chad :) Happy new year. – vjwilson Jan 06 '22 at 20:55
  • there is a bit confusing. does this mean, the user for queues or projects?. If I used the wrong technical term as a queue instead of projects, say cart-order1, cart-order2, cart-order3, etc. – vjwilson Jan 12 '22 at 12:50