The way I’ve set this up is by using a dedicated user for STOMP communications. I have an exchange called “web” which only deals with messages going in/out using STOMP. Then I configured user permissions using the following regex `^(amq\.gen.*|web|stomp-subscription.*)$` which should get you covered for sending messages and subscribing to queues. Hope that helps!
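
Added example, not part of the original post: a small audit of the permission pattern quoted above against constructed resource names, next to the same alternatives without `^` and `$`. It assumes the broker applies the pattern with search semantics (a match anywhere in the name counts), which is why the anchors matter; all resource names and helper names here are hypothetical.

```python
import re

# Pattern quoted in the post above.
POST_PATTERN = r"^(amq\.gen.*|web|stomp-subscription.*)$"
# Same alternatives with the anchors dropped (constructed for comparison).
UNANCHORED = r"amq\.gen.*|web|stomp-subscription.*"

# Constructed resource names. INTENDED are the ones the STOMP user should reach.
INTENDED = ["web", "amq.gen-Xa2kQ", "stomp-subscription-7f3c"]
# Constructed names that belong to other applications and should stay denied.
OTHER = ["webhooks-internal", "billing.web", "amq.topic", "orders", ""]


def allowed(pattern, name):
    """Assumption: the broker grants access if the regex matches anywhere in the name."""
    return re.search(pattern, name) is not None


def audit(pattern, intended=INTENDED, other=OTHER):
    """Return (missing, excess).

    missing: intended names the pattern denies (the STOMP client would break).
    excess:  other names the pattern grants (broader access than intended).
    """
    missing = [n for n in intended if not allowed(pattern, n)]
    excess = [n for n in other if allowed(pattern, n)]
    return missing, excess


if __name__ == "__main__":
    for label, pattern in (("anchored", POST_PATTERN), ("unanchored", UNANCHORED)):
        missing, excess = audit(pattern)
        print(f"{label:10} missing={missing} excess={excess}")
```

Running the same audit with the real exchange and queue names from a broker's vhost shows whether a pattern grants the dedicated user more than the "web" exchange and its own generated queues.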