An AMQP producer minimal permissions can modify an ANYCAST address to ANYCAST+MULTICAST then start sending topic messages to the modified address.
 
Reproducer steps:

1. Initialize – create broker with pre-defined address and security settings:

   bin/artemis create mybroker --name mybroker --user admin --password admin --no-autotune --no-hornetq-acceptor --no-mqtt-acceptor --no-stomp-acceptor --require-login --addresses FOO:anycast

2. Add user with role:

   $ cat adduser.json 
   {"type":"exec","mbean":"org.apache.activemq.artemis:broker=\"mybroker\"","operation":"addUser(java.lang.String,java.lang.String,java.lang.String,boolean)","arguments":["myuser","foobar","myrole",true]}
   $ curl -u admin:admin -H "Origin: http://localhost:8161"  http://localhost:8161/console/jolokia -H'Content-Type: application/json' -d "$(cat adduser.json)"

3. Reproduce – attempt to send message twice:

   $ bin/artemis producer --user myuser --password foobar --destination topic://FOO --message-count 1 --url tcp://localhost:61616  --protocol amqp
   ...
   Caused by: org.apache.qpid.jms.provider.ProviderException: AMQ229032: User: myuser does not have permission='CREATE_ADDRESS' on address FOO [condition = amqp:internal-error]
   
   $ bin/artemis producer --user myuser --password foobar --destination topic://FOO --message-count 1 --url tcp://localhost:61616  --protocol amqp
   ...
   Producer FOO, thread=0 Produced: 1 messages

4. Check routing type:

   $ curl -s -H "Origin: http://localhost:8161" -u admin:admin 'http://localhost:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%22mybroker%22/getAddressInfo(java.lang.String)/FOO' | jq .value
   "Address [name=FOO, routingTypes={MULTICAST,ANYCAST}, autoCreated=false]"