Hi Team,

As part of our project requirement we need to restrict non-amq users (LDAP users) from performing write & execute operations inside the Jolokia console (connection, session, consumer, producer), and we need to grant them only send message permission.

We were able to achieve it in version 2.18 by removing the non-amq role (LDAP users role) from the <role-access> block in the management.xml below and by giving only send message permission in the broker.xml file, which is working fine as per expectation.

However, when we do the same configuration in 2.23.1 it is not working. It allows a non-amq user to perform any write/execute operation, which we do not want. So I am looking for your suggestion on how we can achieve the same in Apache Artemis version 2.23.1.

Please let us know if you need more details. Thank you.

2.18 management.xml file –

    <role-access>
      <match domain="org.apache.activemq.artemis">
        <access method="list*" roles="amq"/>
        <access method="get*" roles="amq"/>
        <access method="is*" roles="amq"/>
        <access method="set*" roles="amq"/>
        <access method="*" roles="amq"/>
      </match>
    </role-access>

2.18.1 broker.xml file – In this file we are giving only send message permission to our LDAP users role.

    <security-settings>
      <security-setting match="#">
        <permission type="createNonDurableQueue" roles="amq"/>
        <permission type="deleteNonDurableQueue" roles="amq"/>
        <permission type="createDurableQueue" roles="amq"/>
        <permission type="deleteDurableQueue" roles="amq"/>
        <permission type="createAddress" roles="amq"/>
        <permission type="deleteAddress" roles="amq"/>
        <permission type="consume" roles="amq"/>
        <permission type="browse" roles="amq"/>
        <permission type="send" roles="amq,EAI_Administrator_G"/>
      </security-setting>
    </security-settings>

With the above changes, when we log in to the 2.18 Jolokia console as a non-amq role user (LDAP user) and navigate to any tab such as connection, session, consumer or producers, we get the restriction message below, which is correct as per the above changes and is what our requirement is. Please suggest how we can achieve the same in version 2.23.1. Thank you.

The snapshots below are from 2.18.

[image: image003.png]

We just need to grant send message permission to any non-amq role user, like below.

[image: image002.png]

Thank you,
Nilesh
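
Added example, not part of the original message and not Apache Artemis project code: a small audit that reads the two fragments quoted above and lists everything a role is granted beyond "send". The embedded XML is constructed from the message (broker.xml shortened to three permissions), the function names are hypothetical, and the check covers only what the files say, not what a given broker version enforces.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two fragments quoted in the message, with closing tags.
MANAGEMENT_XML = """<role-access>
  <match domain="org.apache.activemq.artemis">
    <access method="list*" roles="amq"/>
    <access method="get*" roles="amq"/>
    <access method="is*" roles="amq"/>
    <access method="set*" roles="amq"/>
    <access method="*" roles="amq"/>
  </match>
</role-access>"""
BROKER_XML = """<security-settings>
  <security-setting match="#">
    <permission type="consume" roles="amq"/>
    <permission type="browse" roles="amq"/>
    <permission type="send" roles="amq,EAI_Administrator_G"/>
  </security-setting>
</security-settings>"""

def _local(tag):
    # Drop any "{namespace}" prefix so full, namespaced files parse the same way.
    return tag.rsplit("}", 1)[-1]

def _roles(elem):
    return {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}

def management_methods(xml_text, role):
    """Method patterns of every <access> element that names the role."""
    root = ET.fromstring(xml_text)
    return sorted(e.get("method", "") for e in root.iter()
                  if _local(e.tag) == "access" and role in _roles(e))

def broker_permissions(xml_text, role):
    """Map each security-setting match to the permission types held by the role."""
    held = {}
    for s in ET.fromstring(xml_text).iter():
        if _local(s.tag) == "security-setting":
            types = sorted(p.get("type", "") for p in s
                           if _local(p.tag) == "permission" and role in _roles(p))
            if types:
                held[s.get("match")] = types
    return held

def audit(role, allowed=("send",)):
    """Return findings; an empty list means the role is send-only on paper."""
    findings = [f"management.xml: {m}" for m in management_methods(MANAGEMENT_XML, role)]
    for match, types in broker_permissions(BROKER_XML, role).items():
        findings += [f"broker.xml {match}: {t}" for t in types if t not in allowed]
    return findings

if __name__ == "__main__":
    print(audit("EAI_Administrator_G") or "send-only")
```

Running the same functions over the complete files from both broker installations gives a quick diff of what each configuration grants the LDAP role.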