Hi Ivo, 

JMS rights are different from REST rights, so to speak, and JMS is also not used in the same way: it's in fact possible (likely?) that users will want a different user to have access to the JMS queues than the users who have access to the UI and REST api. 

Would it be okay to add documentation describing how to modify the standalone(-full).xml (or domain.xml) to give access to the queues?

Hi Marco,

I believe that the product should be pre-configured to include the roles Ivo mentioned above. That would be up to productization though. 

Other than that I believe that documenting the proper way to change the groups would be sufficient.

If you don't mind I will change the Component to 'Build and Assembly'.

@M

Marek, 

That sounds good. I've chancged the component. 

Would you mind assigning this to the right person? (Doug? Nick?)

Internal Whiteboard: Beta Blocker → Blocker
Not critical for Beta, but need to address for GA

It has been fixed and will target it on ER4.

FailedQA in BPMS-6.0.0.ER4:

the standalone.xml and standalone-full.xml still don't contain group admin and/or (kie-user, analyst).

<security-setting match="#">
  <permission type="send" roles="guest"/>
  <permission type="consume" roles="guest"/>
  <permission type="createNonDurableQueue" roles="guest"/>
  <permission type="deleteNonDurableQueue" roles="guest"/>
</security-setting>

this is my proposal of the expected configuration:

<security-setting match="KIE.#"> <!-- probably I would change the queue match for the queues in business central only -->
  <permission type="send" roles="admin"/> <!-- at least admin should be able to send JMS', the same for consume -->
  <permission type="consume" roles="admin"/>
  <permission type="createNonDurableQueue" roles="admin"/>
  <permission type="deleteNonDurableQueue" roles="admin"/>
</security-setting>

Verified in BPMS 6.0.0.ER5