gtully commented on code in PR #4820:
URL: https://github.com/apache/activemq-artemis/pull/4820#discussion_r1519575016
##########
artemis-core-client/src/main/java/org/apache/activemq/artemis/core/security/Role.java:
##########
@@ -109,6 +115,22 @@ public Role(final String name,
final boolean browse,
final boolean createAddress,
final boolean deleteAddress) {
+ this(name, send, consume, createDurableQueue, deleteDurableQueue,
createNonDurableQueue, deleteNonDurableQueue, manage, browse, createAddress,
deleteAddress, false, false);
+ }
+
+ public Role(final String name,
+ final boolean send,
+ final boolean consume,
+ final boolean createDurableQueue,
+ final boolean deleteDurableQueue,
+ final boolean createNonDurableQueue,
+ final boolean deleteNonDurableQueue,
+ final boolean manage,
+ final boolean browse,
+ final boolean createAddress,
+ final boolean deleteAddress,
+ final boolean view,
+ final boolean update) {
Review Comment:
The view and update permissions are not checked by default, so the manage
permission is sufficient as it is today. manage is very specific, it controls
whether a message consumed from the management address is applied to the
registered control objects or rejected.
Only if the broker is configured to check for the presence of view or update
for more fine grained rbac on the management address messages, then the user
will need to configure those permissions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
