Tencent Cloud Message Queue for Apache Pulsar provides an enterprise-grade security protection system. Through root-account/sub-account management and strict authentication and authorization mechanisms, it builds multi-level protection that covers each step of message transmission and safeguards data security.
Control Plane Permission (Account-Level)
Cloud Access Management (CAM) provides root accounts, sub-accounts, and collaborators, so that authorization can be granted from the root account to sub-accounts and across organizational accounts. API calls to Tencent Cloud resources are controlled per account through Access Key Management.
Identity Verification
Pulsar resources can be accessed through the console or through TencentCloud API calls. Both paths require identity authentication before the corresponding resource can be accessed.
Log in to the console: a login password is required. Login protection and login verification policies are also available to strengthen authentication. For details, see Change login password and Set up login protection.
Call TencentCloud API: an access key (AccessKey) is required. Access keys are the credentials used to authenticate a user to the TencentCloud API and consist of a SecretId and a SecretKey. For details, see Access Key Management. Because an access key carries every permission its owner holds, issue keys to sub-accounts with only the permissions they need rather than to the root account.
Access Control
Through Cloud Access Management (CAM), you can manage permissions for Pulsar resources at the account level with fine granularity.
User and permission management: Create separate users or roles for members of different departments according to the enterprise's organizational structure, and issue each its own security credentials (console login password, cloud API key) or temporary credentials, so that access to Pulsar resources is secure and controllable.
Fine-grained access control: Set differentiated access policies by job function to precisely control which operations each user or role may perform and which resources it may reach, achieving strict permission isolation.
Data Plane Permissions (Pulsar Resource Level)
Pulsar assigns an independent role to each producer and consumer through role-based authorization, and grants production or consumption permissions on specific namespaces to each role so that roles are isolated from one another. When a client produces or consumes messages, the system checks that the client's role is authorized for that operation on that namespace, and unauthorized operations are rejected. Authentication (proving which role the client holds) and authorization (what that role may do) are checked separately: a valid credential for a consume-only role still cannot publish.
This mechanism isolates permissions between business units and meets control requirements in multi-team collaboration scenarios. By following the principle of least privilege, it reduces the risk of data being corrupted or read through unauthorized access.
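The following is an added example, not code from Tencent Cloud or from Apache Pulsar. It models the decision order of Pulsar's built-in authorization provider as described above: a superuser role passes, otherwise the union of the role's namespace-level and topic-level grants is consulted, and anything not granted is rejected. The role names, namespaces, topics and grants are constructed sample data; in open-source Pulsar such grants are made with `pulsar-admin namespaces grant-permission`, and in the managed service through the console or API.

```python
"""Model of Pulsar-style role-based authorization (added example, not Pulsar's code)."""
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    """The two AuthAction values the page discusses."""
    PRODUCE = "produce"
    CONSUME = "consume"


class AuthorizationDenied(PermissionError):
    """Raised when a role attempts an action it has not been granted."""


def namespace_of(topic: str) -> str:
    """Return 'tenant/namespace' for a fully qualified Pulsar topic name.

    Accepts persistent:// and non-persistent:// topics; anything else is
    rejected so that a malformed name can never match a grant by accident.
    """
    scheme, sep, rest = topic.partition("://")
    if not sep or scheme not in ("persistent", "non-persistent"):
        raise ValueError(f"not a fully qualified Pulsar topic: {topic!r}")
    parts = rest.split("/")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected tenant/namespace/topic, got {rest!r}")
    return f"{parts[0]}/{parts[1]}"


@dataclass
class AuthorizationPolicy:
    superusers: set = field(default_factory=set)
    namespace_grants: dict = field(default_factory=dict)  # "tenant/ns" -> role -> {Action}
    topic_grants: dict = field(default_factory=dict)      # full topic -> role -> {Action}

    def grant_namespace(self, namespace, role, actions):
        self.namespace_grants.setdefault(namespace, {}).setdefault(role, set()).update(actions)

    def grant_topic(self, topic, role, actions):
        self.topic_grants.setdefault(topic, {}).setdefault(role, set()).update(actions)

    def allowed_actions(self, role, topic):
        """Superusers get everything; otherwise namespace and topic grants are combined."""
        if role in self.superusers:
            return set(Action)
        ns_actions = self.namespace_grants.get(namespace_of(topic), {}).get(role, set())
        topic_actions = self.topic_grants.get(topic, {}).get(role, set())
        return ns_actions | topic_actions

    def authorize(self, role, topic, action):
        if action in self.allowed_actions(role, topic):
            return True
        raise AuthorizationDenied(f"role {role!r} may not {action.value} on {topic}")


def build_sample_policy():
    """Constructed sample grants: one producer role and one consumer role per team."""
    policy = AuthorizationPolicy(superusers={"platform-admin"})
    policy.grant_namespace("retail/orders", "orders-producer", {Action.PRODUCE})
    policy.grant_namespace("retail/orders", "billing-consumer", {Action.CONSUME})
    # A single-topic grant: billing may publish refunds but nothing else in retail/payments.
    policy.grant_topic("persistent://retail/payments/refunds", "billing-consumer", {Action.PRODUCE})
    return policy


def decide(policy, role, topic, action):
    """Return 'allow' or 'deny' instead of raising, for tabulating results."""
    try:
        policy.authorize(role, topic, action)
        return "allow"
    except AuthorizationDenied:
        return "deny"


def run_demo():
    policy = build_sample_policy()
    checks = [
        ("orders-producer", "persistent://retail/orders/new", Action.PRODUCE),
        ("orders-producer", "persistent://retail/orders/new", Action.CONSUME),
        ("billing-consumer", "persistent://retail/orders/new", Action.CONSUME),
        ("billing-consumer", "persistent://retail/payments/refunds", Action.PRODUCE),
        ("billing-consumer", "persistent://retail/payments/chargebacks", Action.PRODUCE),
        ("platform-admin", "persistent://retail/payments/chargebacks", Action.CONSUME),
    ]
    return {(r, t, a.value): decide(policy, r, t, a) for r, t, a in checks}


if __name__ == "__main__":
    for (role, topic, action), verdict in run_demo().items():
        print(f"{verdict:5} {role:17} {action:8} {topic}")
```

The second and fifth checks are the isolation the page describes: a producer role holding a valid credential still cannot consume, and a grant on one topic does not leak to a sibling topic in the same namespace. The superuser line shows why that role should be kept out of application clients entirely.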