AMQ client unable to create a subscription with only ActiveMQ Read Permission
Issue
- In Red Hat AMQ 6.x, clients that have Read permission on a topic are allowed to create a subscription. However, in Red Hat AMQ 7, when mapping Artemis permissions to ActiveMQ 5.x permissions, clients aren't permitted to create a queue with an ActiveMQ 5.x Read permission. In our migration from ActiveMQ 5.x to AMQ 7 we are constantly receiving errors like the following:
User: x does not have permission='CREATE_NON_DURABLE_QUEUE' for queue on x.address
- It happens on multicast queues where the ActiveMQ 5.x client only has Read permission on the queue.
We know that queues are allowed to be created if the client has the ActiveMQ 5.x Send permission. Is it possible to have similar behavior for the ActiveMQ 5.x Read permission, but only for multicast queues?
Are there any alternatives that can be used in conjunction with LegacyLDAPSecuritySettingPlugin that will allow a multicast queue to be created with only an ActiveMQ 5.x Read permission?
- We can have the ability to create multicast queues with an ActiveMQ 5.x Read permission. The current implementation works as documented - the Artemis CREATE_NON_DURABLE_QUEUE and CREATE_DURABLE_QUEUE permissions are mapped to the ActiveMQ 5.x Admin permission. What we want is the capability to also map the CREATE_NON_DURABLE_QUEUE and CREATE_DURABLE_QUEUE permissions to the ActiveMQ 5.x Read permission for multicast queues. This is for using the LDAP security plugin.
Environment
- Red Hat AMQ
- 7.x