[ 
https://issues.apache.org/jira/browse/ARTEMIS-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16070653#comment-16070653
 ] 

Justin Bertram commented on ARTEMIS-1263:
-----------------------------------------

One more thing to think about...I'm not sure it's a good idea from a security 
perspective to allow wildcards like this.  It would be rather easy to make a 
mistake and grant privileges to users who shouldn't have them.

> Allow wildcards in security setting's role permissions
> ------------------------------------------------------
>
>                 Key: ARTEMIS-1263
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1263
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 2.1.0
>            Reporter: Varsha
>            Priority: Minor
>
> Allow wildcards in a security setting's role permissions so that all users can 
> perform some operations and some operations are restricted to users. 
> For example: all users can send messages to the queue. However, only users who 
> have the admin role can consume messages from the queue. 
>      <security-setting match="test_queue">
>         <permission roles="amq_admin" type="createDurableQueue"/>
>         <permission roles="amq_admin" type="deleteDurableQueue"/>
>         <permission roles="amq_admin" type="createNonDurableQueue"/>
>         <permission roles="amq_admin" type="deleteNonDurableQueue"/>
>         <permission roles="amq_admin" type="consume"/>
>         <permission roles="*" type="send"/>
>         <permission roles="amq_admin" type="createAddress"/>
>         <permission roles="amq_admin" type="deleteAddress"/>
>         <permission roles="amq_admin" type="browse"/>
>         <permission roles="amq_admin" type="manage"/>
>       </security-setting>
> Note: Adding all users to a role where the count is 300+, or disabling security, does 
> not seem to be a feasible solution. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
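
An added example, not part of the original message or the Artemis project's code: a small audit script for the risk raised in the comment above, listing every permission granted through a wildcard role and marking the ones nobody intended to open. It assumes the `roles="*"` syntax proposed in the issue and a comma-separated `roles` attribute; the sample XML and the `EXPECTED_OPEN` allow-list are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The first setting follows the issue's snippet; the
# second is a constructed mistake of the kind the comment warns about.
SAMPLE = """
<security-settings>
  <security-setting match="test_queue">
    <permission roles="amq_admin" type="consume"/>
    <permission roles="*" type="send"/>
    <permission roles="amq_admin" type="manage"/>
  </security-setting>
  <security-setting match="orders.#">
    <permission roles="amq_admin,*" type="deleteAddress"/>
    <permission roles="amq_*" type="consume"/>
  </security-setting>
</security-settings>
"""

# Assumption: "send" is the only permission meant to be open to everyone.
EXPECTED_OPEN = {"send"}


def local(el):
    """Tag name without an XML namespace prefix such as {urn:activemq:core}."""
    return el.tag.rsplit("}", 1)[-1]


def audit(xml_text, expected_open=EXPECTED_OPEN):
    """Return (match, type, wildcard_roles, severity) per wildcard grant."""
    findings = []
    for setting in ET.fromstring(xml_text).iter():
        if local(setting) != "security-setting":
            continue
        for perm in setting:
            if local(perm) != "permission":
                continue
            roles = [r.strip() for r in perm.get("roles", "").split(",")]
            wild = [r for r in roles if "*" in r]
            if not wild:
                continue
            ptype = perm.get("type", "")
            # A wildcard on an allow-listed type still deserves a look;
            # anywhere else it is most likely an accidental grant.
            severity = "review" if ptype in expected_open else "unexpected"
            findings.append((setting.get("match", ""), ptype, ",".join(wild), severity))
    return findings


if __name__ == "__main__":
    for match, ptype, roles, severity in audit(SAMPLE):
        print(f"{severity:10} match={match!r} type={ptype} roles={roles}")
```
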
