Prevent a NATS user from creating durable consumers #5044
pontus4138 asked this question in Q&A (Unanswered)
-
Yes, you can add in the allow permission the extended create version you want to allow, and disallow the plain
-
Hello, I am looking at using NATS as a communication hub for sending notifications to and from browser-based clients over WebSocket. I want to use JetStream to allow the clients to not only get events but also have access to the event history.
However, I am worried that giving clients that I don't control access to the JetStream API will allow them to create durable consumers that will take up resources on the servers. Thus I am trying to limit a user so it can only create ephemeral consumers. I also have to be able to only allow the user to access specific subjects; my idea for that is to use a consumer with a filter for a specific subject. Is this possible? Or is there a better way of managing the durable even if you don't control the client applications that are creating them?
The closest I have gotten is to only allow the user/client to publish to this subject `$JS.API.CONSUMER.CREATE.<stream>.*.<subject>`. This limits what subjects the user can see; however, this still allows the user to create durable consumers.
In the documentation I also found this subject `$JS.API.CONSUMER.CREATE.<stream>`, but that does not allow filtering on a subject.
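How the publish permission discussed above is evaluated, as an added example that is not part of the original discussion and not NATS's own code: a minimal re-implementation of NATS subject wildcard matching with deny taking precedence over allow, run against several consumer-create API subjects. The stream name `EVENTS`, the filter `events.user1` and the consumer name `c1` are constructed for illustration.

```python
# Added example: evaluate NATS-style publish permissions for JetStream API subjects.
# Stream "EVENTS", filter "events.user1" and consumer "c1" are constructed values.

def subject_matches(pattern: str, subject: str) -> bool:
    """NATS wildcards: '*' matches exactly one token, '>' one or more trailing tokens."""
    p_tokens, s_tokens = pattern.split("."), subject.split(".")
    for i, p in enumerate(p_tokens):
        if p == ">":
            # '>' must be the last pattern token and needs at least one token left
            return i == len(p_tokens) - 1 and len(s_tokens) > i
        if i >= len(s_tokens):
            return False
        if p != "*" and p != s_tokens[i]:
            return False
    return len(p_tokens) == len(s_tokens)


def may_publish(subject: str, allow: list[str], deny: list[str]) -> bool:
    """A deny match overrides allow; with an allow list set, everything else is rejected."""
    if any(subject_matches(d, subject) for d in deny):
        return False
    return any(subject_matches(a, subject) for a in allow)


# The extended create subject from the question, pinned to one stream and one filter.
ALLOW = ["$JS.API.CONSUMER.CREATE.EVENTS.*.events.user1"]
# The plain create subject, denied explicitly as the reply suggests.
DENY = ["$JS.API.CONSUMER.CREATE.EVENTS"]

REQUESTS = [
    "$JS.API.CONSUMER.CREATE.EVENTS.c1.events.user1",  # extended form, permitted filter
    "$JS.API.CONSUMER.CREATE.EVENTS.c1.events.user2",  # extended form, other filter
    "$JS.API.CONSUMER.CREATE.EVENTS.c1",               # named consumer, no filter token
    "$JS.API.CONSUMER.CREATE.EVENTS",                  # plain form
    "$JS.API.CONSUMER.DURABLE.CREATE.EVENTS.c1",       # legacy durable-create subject
]


def evaluate() -> dict[str, bool]:
    # The check sees only the subject. A durable_name inside the request body is
    # never examined, which matches what the question observed for the extended form.
    return {s: may_publish(s, ALLOW, DENY) for s in REQUESTS}


if __name__ == "__main__":
    for subject, ok in evaluate().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {subject}")
```

Only the first request passes; the rest are rejected either by the explicit deny or because no allow entry matches.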