permissions, rabbitmq, amqp

RMQ - 'configure access to queue refused' with readonly user attaching to queue (AMQP 1.0)


I get the error: "ACCESS_REFUSED - configure access to queue 'xxx' refused for user" when trying to consume an existing queue using the AMQP 1.0 plugin in RabbitMQ.

The user has read-only permissions. In other words, the Configure and Write regexps are set to "^$".

The queue already exists - only trying to consume it. The error happens upon attach: attach(name:my-receiver,handle:0,role:True,source:source(address:myqueue,durable:1),target:target())

If I add configure permission, it works, but why is the configure permission required? It's like it tries to declare the queue, but I'd expect it to at most do a passive declare.

Any suggestions?


Solution

  • Found a solution thanks to 'thorhalvor' in the RabbitMQ Discord chat. Turns out if you prefix the queue address with /amq/queue/, a declare is not triggered, and configure-permissions are not required.

    'kjnilsson' mentions that this might be improved in RabbitMQ 4.0 - most likely removing implicit queue declaration and simplifying addressing.

    The documentation has been updated, clarifying this different behavior. (See https://github.com/rabbitmq/rabbitmq-server/tree/main/deps/rabbitmq_amqp1_0#routing-and-addressing).

    Link to Discord post and thread:
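
The following sketch is an added example, not code from the post or from RabbitMQ. It models the behaviour described in this thread so a least-privilege user's source addresses can be checked before deployment. The two address rules, the function names, the `read` pattern `.*` and Python's `re` standing in for the broker's regex engine are assumptions.

```python
import re

# Simplified model (assumption) of what this thread reports for the AMQP 1.0
# plugin: a bare queue name as source address triggers a queue declare
# (needs configure), while the /amq/queue/ prefix attaches to the existing
# queue without declaring it (needs read only).
AMQ_QUEUE_PREFIX = "/amq/queue/"


def required_permissions(source_address):
    """Return (queue_name, permissions needed to attach a receiver)."""
    if source_address.startswith(AMQ_QUEUE_PREFIX):
        return source_address[len(AMQ_QUEUE_PREFIX):], {"read"}
    if not source_address.startswith("/"):
        return source_address, {"configure", "read"}
    raise ValueError(f"address form not covered by this sketch: {source_address}")


def permits(pattern, resource):
    """Permission check: unanchored regex search against the resource name.
    An empty pattern is treated like '^$', which matches no named resource."""
    return re.search(pattern or "^$", resource) is not None


def refused_permissions(user_perms, source_address):
    """Permissions the attach needs but the user's patterns do not grant."""
    queue, needed = required_permissions(source_address)
    return sorted(p for p in needed if not permits(user_perms[p], queue))


# Constructed sample: the read-only user from the question
# (configure and write are "^$"; the read pattern is assumed).
READONLY = {"configure": "^$", "write": "^$", "read": ".*"}

if __name__ == "__main__":
    for addr in ("myqueue", "/amq/queue/myqueue"):
        missing = refused_permissions(READONLY, addr)
        verdict = "refused, missing " + ", ".join(missing) if missing else "allowed"
        print(f"{addr!r}: {verdict}")
```

Run against a list of the addresses your consumers use, it flags any that would force you to widen the configure pattern.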