Create a user that does not have access to Stream Management APIs

[shiju80]

We are using NATS Jetstream for one-to-one communication using unique streams and subjects. This stream is accessed using WebSocket on browser.
Now how can we restrict the client (with a user / password) to not have access to stream info etc that is part of JSM APIs, so that this user / client can access only its stream, but not all streams in the account.
Thanks

[amitamit281]

you can add the JSM api subjects permission at user level to access of the particular stream that it should suppose to access https://docs.nats.io/reference/reference-protocols/nats_api_reference#consumers