Technically speaking you can grant the "manage" role on any address, but it
is really only applicable for the management address. A user with the
"manage" role on the management address can send any management message it
wants (e.g. stop an acceptor, delete messages from a queue, create an
address, etc.).

Hope that helps!


Justin

On Fri, Apr 1, 2022 at 5:32 AM Vilius Šumskas <vilius.sums...@rivile.lt>
wrote:

> Hi,
>
> I‘m trying to understand how exactly Artemis roles work and I have a
> simple question: is “manage” role global? For example, if I use
> addSecuritySettings(), match the address to “somequeue.input.#” and add the
> role of the user to manageRoles attribute will the user then be able to
> send management messages to “activemq.management” queue too?
>
> If yes, what other roles need to be not set if I want to confine the user
> only in his own address space?
>
> --
>     Vilius
>
>

Reply via email to