Technically speaking you can grant the "manage" role on any address, but it is really only applicable for the management address. A user with the "manage" role on the management address can send any management message it wants (e.g. stop an acceptor, delete messages from a queue, create an address, etc.).
Hope that helps! Justin On Fri, Apr 1, 2022 at 5:32 AM Vilius Šumskas <vilius.sums...@rivile.lt> wrote: > Hi, > > I‘m trying to understand how exactly Artemis roles work and I have a > simple question: is “manage” role global? For example, if I use > addSecuritySettings(), match the address to “somequeue.input.#” and add the > role of the user to manageRoles attribute will the user then be able to > send management messages to “activemq.management” queue too? > > If yes, what other roles need to be not set if I want to confine the user > only in his own address space? > > -- > Vilius > >