gtully commented on code in PR #4820: URL: https://github.com/apache/activemq-artemis/pull/4820#discussion_r1519575016
########## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java: ########## @@ -109,6 +115,22 @@ public Role(final String name, final boolean browse, final boolean createAddress, final boolean deleteAddress) { + this(name, send, consume, createDurableQueue, deleteDurableQueue, createNonDurableQueue, deleteNonDurableQueue, manage, browse, createAddress, deleteAddress, false, false); + } + + public Role(final String name, + final boolean send, + final boolean consume, + final boolean createDurableQueue, + final boolean deleteDurableQueue, + final boolean createNonDurableQueue, + final boolean deleteNonDurableQueue, + final boolean manage, + final boolean browse, + final boolean createAddress, + final boolean deleteAddress, + final boolean view, + final boolean update) { Review Comment: The view and update permissions are not checked by default, so the manage permission is sufficient as it is today. manage is very specific, it controls whether a message consumed from the management address is applied to the registered control objects or rejected. Only if the broker is configured to check for the presence of view or update for more fine grained rbac on the management address messages, then the user will need to configure those permissions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org