Hi again,
I think I found the solution on my own - for whom it may itnerest, please see
my results and my comment:
I am really not experienced in devopment, etc. I am just a little admin :-)
- I just cloned the artemis-repo from github and did some greps, looking for
something like "list*", etc...
- there was a lucky punch looking finally for "access method="list*""
there is a file called
artemis_github\activemq-artemis\artemis-cli\src\main\resources\org\apache\activemq\artemis\cli\commands\etc\management.xml
and within this file there is a little hint:
<!-- Note count and browse are need to access the browse tab in the console-->
<access method="browse*" roles="${role}"/>
<access method="count*" roles="${role}"/>
I just updated my own management.xml like:
<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="view,update,amq"/>
<access method="browse*" roles="view,amq"/>
<access method="count*" roles="view,amq"/>
<access method="*" roles="amq"/>
</match>
Now my user "view" is able to browse queues without beeing able to delete
messages.
Now I would like to ask, why this is not documented in any way? I mean, not
every active-mq-operator is experienced in figuring out this stuff.. for me it
was just luck this time...
I think implementing "read-only-users" for the web-ui is a common
approach/feature in so many different software.
I would like to ask the projects maintainer to update the documentation. I mean
you are teasing an "view"-role in default-configuration after fresh installs
but it is not working without further configuration. how should a simple user
like me to know about other methods like browse* and count* if it is not
written in the main-documentation?
If I can help in some way please let me know :-) I would like to give somthing
back to the community.
Wish you a nice week, stay healthy and best regards
Benjamin
Gesendet: Montag, 14. Juni 2021 um 10:58 Uhr
Von: "Benny K" <ben...@gmx.net>
An: users@activemq.apache.org
Betreff: Artemis: Struggling with setting up a readyonly-user for web-console
Hi people, hope your doing fine!
I am pretty new to Active MQ.. Never worked with "classic" or artemis before.
I run a simple artemis-2.17.0-Instance and I am really struggling setting up a
"read-only-user" for the web-console:
What i did so far:
- As Admin-User I successfully run a "artemis producer" via. cli to create some
messages to the TEST-Queue
- If I login to the web-console as Admin I can see all queues and I can browse
the queues successfully
For setting up the read-only-user i made the following steps and modifications:
- I added a user "view" with the role "view" via. artemis-cli
- artemis.profile changed to:
HAWTIO_ROLE='amq,view'
- management.xml:
[...]
<role-access>
<match domain="org.apache.activemq.artemis">
<access method="list*" roles="amq,view"/>
<access method="get*" roles="amq,view"/>
<access method="is*" roles="amq"/>
<access method="set*" roles="amq"/>
<access method="*" roles="amq"/>
</match>
<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
</match>
I can login as user "view" and I can see an overview/list of all queues, but I
cant browse the queues.
If I change the line in <match domain="org.apache.activemq.artemis"
key="subcomponent=queues">
From
<access method="*" roles="amq"/>
to
<access method="*" roles="amq,view"/>
then I can browse the queues, but I am also able to delete messages.
As far as i understand the method "*" is a catch-all for methods other than
"list*", "get*", etc.
But I dont know what there are for other methods, I cant find any information
in artemis-documentation and google really dont help...
Help me obi wan kenobi you're my only hope!
Thanks and Best Regards
Benjamin
