[jira] [Commented] (ARTEMIS-5949) Clarify manage permission in default broker.xml

Sun, 10 May 2026 20:42:20 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18079936#comment-18079936
 ] 

ASF subversion and git services commented on ARTEMIS-5949:
----------------------------------------------------------

Commit 621651636378cf6e481b5e89de109473c2bf1f59 in artemis's branch 
refs/heads/main from Justin Bertram
[ https://gitbox.apache.org/repos/asf?p=artemis.git;h=6216516363 ]

ARTEMIS-5949 add release note


> Clarify manage permission in default broker.xml
> -----------------------------------------------
>
>                 Key: ARTEMIS-5949
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5949
>             Project: Artemis
>          Issue Type: Improvement
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.54.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> When the {{create}} command is used to create a broker instance the 
> {{broker.xml}} contains this:
> {code:xml}
>       <security-settings>
>          <security-setting match="#">
>             <permission type="createNonDurableQueue" roles="amq"/>
>             <permission type="deleteNonDurableQueue" roles="amq"/>
>             <permission type="createDurableQueue" roles="amq"/>
>             <permission type="deleteDurableQueue" roles="amq"/>
>             <permission type="createAddress" roles="amq"/>
>             <permission type="deleteAddress" roles="amq"/>
>             <permission type="consume" roles="amq"/>
>             <permission type="browse" roles="amq"/>
>             <permission type="send" roles="amq"/>
>             <!-- we need this otherwise ./artemis data imp wouldn't work -->
>             <permission type="manage" roles="amq"/>
>          </security-setting>
>       </security-settings>{code}
> Applying the {{manage}} role to {{#}} works, but it is imprecise and 
> potentially confusing. This permission should only be applied to the 
> *management address*. We can also remove the comment as I don't believe it's 
> necessary. Therefore, the default {{security-settings}} should look something 
> like this:
> {code:xml}
>       <security-settings>
>          <security-setting match="#">
>             <permission type="createNonDurableQueue" roles="amq"/>
>             <permission type="deleteNonDurableQueue" roles="amq"/>
>             <permission type="createDurableQueue" roles="amq"/>
>             <permission type="deleteDurableQueue" roles="amq"/>
>             <permission type="createAddress" roles="amq"/>
>             <permission type="deleteAddress" roles="amq"/>
>             <permission type="consume" roles="amq"/>
>             <permission type="browse" roles="amq"/>
>             <permission type="send" roles="amq"/>
>          </security-setting>
>          <security-setting match="activemq.management.#">
>             <permission type="manage" roles="amq"/>
>             <permission type="createNonDurableQueue" roles="amq"/>
>             <permission type="deleteNonDurableQueue" roles="amq"/>
>             <permission type="createAddress" roles="amq"/>
>             <permission type="deleteAddress" roles="amq"/>
>             <permission type="consume" roles="amq"/>
>             <permission type="send" roles="amq"/>
>          </security-setting>
>       </security-settings>{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to