Read-Access to queue requires admin rights?

[Moser Michael <mi...@elca.ch.INVALID>]

Hi all
I am relatively new to AMQ, so please bear with me.

Our customer had recently decided to move connectivity to one of his applications that our application needs to access to JMS/AMQ (instead of a former SOAP/WebService).
We changed/implemented that in our application and things work all OK but for one odd detail:

When we installed that new application version at the customer's premise our application couldn't get access to the AMQ queue (we kept getting "permission denied errors") until we were given admin rights on that queue.
In our test environment (a plain vanilla AMQ "classic" installation that I installed and configured) we had NOT needed that, i.e. read-permission was all we need to read from our test AMQ.
So, things work now but I am feeling a bit uneasy to require admin rights for some resource when read-only permissions should be sufficient (even though our client wouldn't mind to permanently grant us that permission).

I understand that to create a queue (in case it doesn't exist, yet) one needs admin rights. But if that queue already exists and one only wants to read from it then IMHO read-permissions should be sufficient.
And the queues definitely already *do* exist - in both environments. So why would we then need admin rights for access in one and not in the other environment? What could be the reason for that?

And how can one proceed to investigate, why read-only access is not working?

Our test environment is running Apache MQ 5.16.3 ("classic").
The customer's installation is using spring-boot-starter-activemq 2.6.7 which apparently contains org.apache.activemq:activemq-broker:5.16.4 (I think that's the "classic" variant, too, not the new "artemis")

Cheers,
Michael