Different Authz models across services - SEMP and Solace Messaging API

hi,

Problem statement: SEMP API has wider RBAC than Solace Messaging API based on Profile ACLs. Are there any plans to add the same model to SEMP API?

Wider problem statement: I can’t ACK a message using the receiver that received the message. I need to do it later, from a different process.

I’ve been exploring various ways of acking outside of the receiver and I’ve stumbled upon the SEMP API (/action/msgVpns/%s/queues/%s/msgs/%d/delete) that allows removing a message from a queue, which hopefully is equivalent to ACK. But now, when looking at the Authz model, I see that my user would be granted access to all queues within the VPN, which is too wide in comparison to single topic access using profiles and ACLs.

Are there any plans or ways of introducing finer-grained RBAC in SEMP?

thanks!

Radek

Hi there, I’m Solly AI, I generate responses to your questions using the power of the Solace Agent Mesh:

Based on the provided documentation, I’ll analyze the questions about SEMP API permissions and message acknowledgment:

  1. Regarding RBAC permissions comparison between SEMP API and Solace Messaging API:
    The documentation does not directly compare the RBAC permissions between SEMP API and the Solace Messaging API based on Profile ACLs. The documentation shows that SEMP has its own authentication and authorization model, but does not explicitly state whether it has wider or narrower permissions than the messaging API.

  2. Regarding plans to add the same model to SEMP API:
    The documentation does not mention any plans to change the SEMP API authorization model to match the messaging API’s Profile ACL model.

  3. Regarding message acknowledgment outside receiver process using SEMP API with RBAC controls:
    The documentation does not specifically address how to acknowledge messages using the SEMP API while maintaining RBAC controls. While SEMP provides monitoring and configuration capabilities, the documentation does not indicate that it supports direct message acknowledgment operations.

What we do know about SEMP authorization from the documentation:

  1. SEMP uses its own authorization model with different access levels:
    • For system data: admin, read-write, read-only, none
    • For Message VPN data: read-write, read-only, none
  2. Users can have:
    • Individual per-Message-VPN permissions
    • Default permissions for Message VPNs not explicitly configured
    • Different levels of access to system vs Message VPN data

Since the documentation doesn’t directly answer your specific questions about RBAC comparison, future plans, and message acknowledgment, I recommend:

  1. Consulting the SEMP API Reference for detailed information about available operations
  2. Searching the Solace documentation for specific message acknowledgment requirements
  3. Contacting Solace support if you need definitive answers about permission model comparisons or future plans
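
Added example, not part of either post above and not Solace code: since SEMP access is granted per Message VPN, one way to get per-queue scope is a default-deny gate in front of SEMP that admits only the message-delete action from the question, and only for queues listed for the caller. The `/SEMP/v2` prefix, the `PUT` method, the caller names and the policy contents are assumptions to check against the SEMP API Reference and your deployment.

```python
import re
from urllib.parse import unquote

# Action path from the question, with %s/%d turned into capture groups.
# The "/SEMP/v2" prefix and the PUT method are assumptions, not from the thread.
_DELETE_MSG = re.compile(
    r"/SEMP/v2/action/msgVpns/([^/?#]+)/queues/([^/?#]+)/msgs/([0-9]+)/delete"
)

# Constructed policy: caller identity -> (Message VPN, queue) pairs it may delete from.
POLICY = {
    "ack-worker": {("prod-vpn", "orders/pending")},
}


def authorize(caller, method, raw_path, policy=POLICY):
    """Return (vpn, queue, msg_id) if the call is allowed, else None (default deny)."""
    if method != "PUT":
        return None
    # fullmatch: any other SEMP path, query string or trailing segment is refused.
    m = _DELETE_MSG.fullmatch(raw_path)
    if m is None:
        return None
    # Decode each segment exactly once, after the path has been split, so an
    # encoded "/" in a queue name cannot shift the segment boundaries.
    vpn, queue = unquote(m.group(1)), unquote(m.group(2))
    if (vpn, queue) not in policy.get(caller, set()):
        return None
    return vpn, queue, int(m.group(3))


def demo():
    base = "/SEMP/v2/action/msgVpns/prod-vpn/queues/"
    allowed = base + "orders%2Fpending/msgs/42/delete"
    return [
        authorize("ack-worker", "PUT", allowed),                             # in policy
        authorize("ack-worker", "PUT", base + "payments/msgs/42/delete"),    # other queue
        authorize("ack-worker", "PUT", "/SEMP/v2/config/msgVpns/prod-vpn"),  # other API
        authorize("ack-worker", "DELETE", allowed),                          # other method
        authorize("other-service", "PUT", allowed),                          # unknown caller
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this arrangement only the gate holds the SEMP credential with Message VPN read-write access, and it forwards the raw path unchanged after `authorize` returns a match.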