[
https://issues.apache.org/jira/browse/ARTEMIS-3205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17308161#comment-17308161
]
Justin Bertram commented on ARTEMIS-3205:
-----------------------------------------
FWIW, a database and a queue are quite different. Queues, in general, don't
support CRUD; they only support put & get (i.e. CR). It _is_ possible, of
course, to delete a message via the management interface, but this is not part
of a normal client's API. However, once a message is on a queue it is
immutable; it cannot be updated.
> Scheduled messages should not require management user
> -----------------------------------------------------
>
> Key: ARTEMIS-3205
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3205
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Affects Versions: 2.17.0
> Reporter: Stefan
> Priority: Major
> Labels: security
>
> We are currently trying to implement a scheduled message use-case with
> Artemis where deleting scheduled messages is sometimes necessary.
> However, we could not find any solution to dequeue scheduled messages before
> they are routed to the queue without using a management user (i.e. via
> QueueControl or JMX-Operations).
> Is this the only way it can be done in Artemis?
> We have concerns about this configuration, because our client implementation
> needs admin user rights to handle 'simple' CRUD operations. Regarding DB
> clients, this is a common antipattern.
> Shouldn't this also be possible for standard users for reasons of security?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
