TDMQ for RabbitMQ provides a comprehensive enterprise-level security protection system. Through root account/sub-account management and strict authorization and authentication mechanisms, it builds multi-layered and all-round security protection, ensuring reliable protection for each stage in message transmission and comprehensively safeguarding data security.
Control Plane Permissions (Account Level)
Authorization between a root account and its sub-accounts, and across enterprises, is managed through the root account/sub-account, collaborator, and other features of Cloud Access Management (CAM). In addition, account access key management controls which cloud resources can be called through the APIs.
Identity Authentication
To access TDMQ for RabbitMQ resources through the console or by calling cloud APIs, you must first pass identity authentication; resources become accessible only after authentication succeeds.
Calling TencentCloud API: The access key (AccessKey) is verified. Access keys are the security credentials used to authenticate users who access TencentCloud API, consisting of a SecretId and a SecretKey. For detailed information, see Account Access Key Management.
Access Control
Through CAM, fine-grained permission management for TDMQ for RabbitMQ resources can be implemented at the account level.
User and permission assignment: Based on the enterprise organizational structure, independent users or roles are created for members of different functional departments, and dedicated security credentials (such as the console login password and cloud API key) or temporary credentials are assigned to ensure secure and controlled access to TDMQ for RabbitMQ resources.
Fine-grained permission control: Set differentiated access policies based on employee responsibilities to precisely control the types of operations each user or role can perform and the scope of resources they can access, achieving strict permission isolation.
Data Plane Permissions (TDMQ for RabbitMQ Resource-Level)
TDMQ for RabbitMQ allows you to use the user and permission management feature to configure independent user identities for each producer and consumer, with each user assigned a unique username and password. You can also grant different operation permissions, including configuration and read/write permissions, for various resources within specific vhosts to different users, thereby achieving permission isolation between users.
Configuration permissions: Affect the declaration and deletion of exchanges and queues.
Read/Write permissions: Affect reading messages from queues, sending messages to exchanges, and binding queues and exchanges.
When a client produces or consumes messages, the system authenticates the client and checks its permissions on the target vhost and resource; unauthorized operations are rejected.
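The following Python is an added example, not part of this document or of Tencent Cloud's code. It models how the vhost-level configuration, write, and read permissions described above decide whether a user's operation is accepted. It assumes the permission model behaves like open-source RabbitMQ's: each permission is a regular expression that must match the whole resource name, an empty pattern grants nothing, and binding a queue to an exchange needs write permission on the queue plus read permission on the exchange. All user, vhost, exchange, and queue names are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class VhostPermissions:
    """One user's grants within one vhost (regex patterns, as in RabbitMQ)."""
    configure: str  # declare/delete exchanges and queues
    write: str      # publish to exchanges; write side of bindings
    read: str       # consume from queues; read side of bindings


# Constructed grant table: (username, vhost) -> permissions.
# A producer gets write-only access to "orders.*" exchanges, a consumer gets
# read-only access to "orders.q.*" queues, and an admin can manage both.
GRANTS = {
    ("orders-producer", "/prod"): VhostPermissions(
        configure="", write=r"^orders\..*$", read=""),
    ("orders-consumer", "/prod"): VhostPermissions(
        configure="", write="", read=r"^orders\.q\..*$"),
    ("orders-admin", "/prod"): VhostPermissions(
        configure=r"^orders\..*$", write=r"^orders\..*$", read=r"^orders\..*$"),
}


def _matches(pattern: str, name: str) -> bool:
    """Empty pattern grants nothing; otherwise the whole name must match."""
    return bool(pattern) and re.fullmatch(pattern, name) is not None


def required_checks(operation: str, **res: str) -> list[tuple[str, str]]:
    """Map an AMQP operation to the (permission, resource name) checks it needs."""
    if operation in ("declare_exchange", "delete_exchange"):
        return [("configure", res["exchange"])]
    if operation in ("declare_queue", "delete_queue"):
        return [("configure", res["queue"])]
    if operation == "publish":
        return [("write", res["exchange"])]
    if operation == "consume":
        return [("read", res["queue"])]
    if operation == "bind":
        # Binding touches both resources: write on the queue, read on the exchange.
        return [("write", res["queue"]), ("read", res["exchange"])]
    raise ValueError(f"unknown operation: {operation}")


def is_allowed(user: str, vhost: str, operation: str, **res: str) -> bool:
    """Return True only if every check the operation needs is satisfied."""
    perms = GRANTS.get((user, vhost))
    if perms is None:
        return False  # no grant in this vhost at all: isolation by default
    return all(_matches(getattr(perms, perm), name)
               for perm, name in required_checks(operation, **res))


if __name__ == "__main__":
    print(is_allowed("orders-producer", "/prod", "publish", exchange="orders.events"))
    print(is_allowed("orders-producer", "/prod", "consume", queue="orders.q.1"))
    print(is_allowed("orders-consumer", "/prod", "bind",
                     queue="orders.q.1", exchange="orders.events"))
    print(is_allowed("orders-admin", "/prod", "bind",
                     queue="orders.q.1", exchange="orders.events"))
```

The point to notice is the per-user isolation: the producer can publish but not consume, the consumer can consume but not create bindings, and no user has any access in a vhost where no grant exists, so a leaked consumer credential cannot be used to declare or delete queues.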