The default ACL:
Resource type: queue
Resource name: #
Principal: PUBLIC
Principal type: group
Permission: GRANT
Action: Receive / Send
This allows any users belonging to the PUBLIC group to send and receive messages to/from any queue.
So, if you want to restrict access to queues, only allowing specific public users access to them, this default ACL should be removed.
Is this default setting documented anywhere? Was it like this in previous versions?
This is not new. See the 'Authorization Policies for Messaging and Routing' section in the SonicMQ Deployment Guide. For example - "If you want to constrain the scope of user permissions, modify the PUBLIC group to change its default permission (#, GRANT) to deny all permissions (#, DENY) then grant permission on other principals for name patterns that define roles and responsibilities."