Default ACL allows sending/receiving to/from any queue (or t

Posted by bjorn_kroghrud on 17-Oct-2012 04:01

The default ACL:

Resource type: queue

Resource name: #

Principal: PUBLIC

Principal type: group

Permission: GRANT

Action Receive / Send

This allows any users belonging to the PUBLIC group to send and receive messages to/from any queue

So, if you want to restrict access to queues, only allowing specific public users access to them, this default ACL should be removed.

Is this default setting documented anywhere? Was it like this in previous versions?

All Replies

Posted by rrudis on 17-Oct-2012 09:40

This is not new.  See the 'Authorization Policies for Messaging and Routing' section in the SonicMQ Deployment Guide.  For example - "If you want to constrain the scope of user permissions, modify the PUBLIC group to change its default permission (#, GRANT) to deny all permissions (#, DENY) then grant permission on other principals for name patterns that define roles and responsibilities."

This thread is closed