Since SMM uses management requests to determine the available brokers and queues, you need to have certain permissons on the Sonic domain you are trying to connect to. Any member of the Administrators group already has these permissions but any other user (by default) does not. The required ACLs (for the management broker) are:
Resource type | Resource name | Principal | Principal type | Permission | Action |
---|---|---|---|---|---|
topic | SonicMQ.mf | SMMUsers | group | GRANT | Subscribe |
topic | SonicMQ.mf | SMMUsers | group | GRANT | Publish |
This will allow any user in the group SMMUsers to connect to the domain. If you do not use management security (available from Sonic MQ 7.0), this will also allow these users to perform most management operations using the Sonic Management Console!. If you are using management security, be sure to allow the following operations:
Type | Resource | Group | Permissions |
---|---|---|---|
Configure permissions | /Brokers | SMMUsers | Read |
Configure permissions | /Containers | SMMUsers | Read |
Manage permissions | /Containers | SMMUsers | Get information |
Manage permissions | /Containers | SMMUsers | Other actions [1] |
Manage permissions | /Containers/DomainManager/AGENT MANAGER | SMMUsers | Subscribe to notifications |
[1] Only required to allow the "Clear messages" button to work. This will allow the user to clear any queue they have read access to!