OK, so does the user have permissions to manage management address if this role
is set on "anyotherqueue.#" but not on "activemq.management"?
--
Vilius
-----Original Message-----
From: Justin Bertram <jbert...@apache.org>
Sent: Monday, April 4, 2022 7:11 PM
To: users@activemq.apache.org
Subject: Re: Is Artemis manage role global?
Technically speaking you can grant the "manage" role on any address, but it is
really only applicable for the management address. A user with the "manage"
role on the management address can send any management message it wants (e.g.
stop an acceptor, delete messages from a queue, create an address, etc.).
Hope that helps!
Justin
On Fri, Apr 1, 2022 at 5:32 AM Vilius Šumskas <vilius.sums...@rivile.lt>
wrote:
> Hi,
>
> I‘m trying to understand how exactly Artemis roles work and I have a
> simple question: is “manage” role global? For example, if I use
> addSecuritySettings(), match the address to “somequeue.input.#” and
> add the role of the user to manageRoles attribute will the user then
> be able to send management messages to “activemq.management” queue too?
>
> If yes, what other roles need to be not set if I want to confine the
> user only in his own address space?
>
> --
> Vilius
>
>
