The management API RBAC is complementary to the addresses RBAC, see https://artemis.apache.org/components/artemis/documentation/latest/management.html#role-based-authorisation-for-jmx
Can you share your management.xml file? Regards, Domenico On Fri, 13 Feb 2026 at 10:49, Gašper Čefarin <[email protected]> wrote: > Hi, > > Using apache artemis 2.50.0 and Artemis Console 1.5.0 - im trying to > setup some "non-admin" users for console. > I added a role named "users", added it to HAWTIO_ROLES inside > artemis.profile, and set up permissions in broker.xml: > > <security-settings> > <security-setting match="#"> > <permission type="createNonDurableQueue" > roles="amq,manager,producer"/> > <permission type="deleteNonDurableQueue" roles="amq,manager"/> > <permission type="createDurableQueue" > roles="amq,manager,producer"/> > <permission type="deleteDurableQueue" roles="amq,manager"/> > <permission type="createAddress" roles="amq,manager,producer"/> > <permission type="deleteAddress" roles="amq,manager"/> > <permission type="consume" roles="amq,manager,consumer"/> > <permission type="browse" roles="amq,manager,consumer,users"/> > <permission type="send" roles="amq,manager,producer"/> > <permission type="manage" roles="amq"/> > </security-setting> > > Artemis-roles.properties: > users = user > > This is the current config - before this, I added the "users" role to > "consume" and "send" permissions as well. > In all cases, the "user" can login but they can also delete queues and > addresses. Queue-based operations look exactly the same as they do for a > user with amq or manager role. > > Can anyone else reproduce? > > > Gašper Čefarin > > > T: +386 5 662 2700 > > E: [email protected] > > W: www.actual-it.si > > ACTUAL PRO d.o.o., Ferrarska ulica 14, 6000 Koper - Slovenija > > [image: Actual_PRO_hor_rgb_72dpi.png] > > >
