Open HanumanthPrasad opened 6 months ago
@HanumanthPrasad Any management user who wants to access any exchange or queue must have the appropriate permission on the queue/exchange's vhost. The user-tag controls what areas of the management UI the user has access to. But to list queues or exchanges the user must have access to the vhost.
In your case you want to grant the scope `appID.read:*/`. You could use any of the three actions, i.e. `read` or `write` or `configure`. All you are doing here is granting vhost access. In this particular case, you are granting access to any vhost. But the user cannot delete any queue, or create any queue, or send messages, or read messages, or add/remove bindings because the second part of the permission which follows the `/` character is empty.
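The scope-to-permission mapping described in the reply above, as an added example that is not part of the original thread and not RabbitMQ's own code. It is a simplified model: `appID` is the placeholder resource server ID used on this page, the vhost `prod` and queue `orders` are constructed sample values, and `*` is assumed to match any run of characters.

```python
import re

RESOURCE_SERVER_ID = "appID"  # placeholder from the thread, not a real ID
ACTIONS = ("read", "write", "configure")

def _match(pattern, value):
    # '*' matches any run of characters; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.DOTALL) is not None

def parse_scopes(scopes, resource_server_id=RESOURCE_SERVER_ID):
    """Split token scopes into user tags and (action, vhost, name) patterns."""
    tags, perms = set(), []
    prefix = resource_server_id + "."
    for scope in scopes:
        if not scope.startswith(prefix):
            continue  # scope issued for another audience: ignored
        action, _, rest = scope[len(prefix):].partition(":")
        if action == "tag":
            tags.add(rest)
        elif action in ACTIONS:
            parts = rest.split("/")
            vhost_pattern = parts[0]
            # Text after the first '/' is the queue/exchange name pattern.
            # Assumption: an optional third (routing key) part is not modelled.
            name_pattern = parts[1] if len(parts) > 1 else ""
            perms.append((action, vhost_pattern, name_pattern))
    return tags, perms

def evaluate(scopes, vhost, queue):
    """Report what a token's scopes allow for one vhost and one queue."""
    tags, perms = parse_scopes(scopes)
    return {
        "tags": sorted(tags),
        # Any action grants vhost access; the action only matters per resource.
        "vhost_access": any(_match(v, vhost) for _, v, _ in perms),
        "read_queue": any(a == "read" and _match(v, vhost) and _match(n, queue)
                          for a, v, n in perms),
    }

if __name__ == "__main__":
    # Constructed tokens: the reporter's role, then the role with the extra scope.
    for scopes in (["appID.tag:monitoring"],
                   ["appID.tag:monitoring", "appID.read:*/"]):
        print(scopes, evaluate(scopes, "prod", "orders"))
```
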
Describe the bug
We are using Azure AD to authenticate RabbitMQ. Created roles (administrator, monitoring) to access the UI as per the documentation. While administrator is working fine, with the monitoring role (appID.tag:monitoring) we are able to access the UI but unable to see queues. The UI is not accessible using Read/Write/configure roles. Can you let me know if I am doing anything wrong, or if there is any other role without admin privileges to access the UI?
Reproduction steps
Created app role monitor, UI is accessible but not queues and streams
Expected behavior
I want a role without admin privileges with which we can access the RabbitMQ UI and see queues as well.
Additional context
No response