TDMQ for RocketMQ
Last updated: 2025-12-04 09:15:07
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| RocketMQ | trocket | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddMQTTClientSubscription | AddMQTTClientSubscription | Operation level | * | Supported |
| ChangeMigratingTopicToNextStage | Move a migrating topic to next stage | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| CreateChaosTask | Create a chaos task | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| CreateClusterSyncTask | CreateClusterSyncTask | Operation level | * | Supported |
| CreateConsumerGroup | Create a consumer group | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/* | Supported |
| CreateInstance | Create a new instance | Resource level | qcs::trocket:${region}:uin/${uin}:instance/* | Supported |
| CreateInstanceEndpoint | Create endpoint | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CreateMQTTInsInternalEndpoint | CreateMQTTInsInternalEndpoint | Operation level | * | Supported |
| CreateMQTTInsPublicEndpoint | CreateMQTTInsPublicEndpoint | Operation level | * | Supported |
| CreateMQTTInstance | CreateMQTTInstance | Operation level | * | Supported |
| CreateMQTTJWKSAuthenticator | CreateMQTTJWKSAuthenticator | Operation level | * | Supported |
| CreateMQTTTopic | CreateMQTTTopic | Operation level | * | Supported |
| CreateMQTTUser | CreateMQTTUser | Operation level | * | Supported |
| CreateMigrationTask | create migration task | Operation level | * | Supported |
| CreatePerformanceTestJob | Create a performance test job | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CreateRole | Create a role | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CreateSmoothMigrationTask | Create a smooth migration task | Operation level | * | Supported |
| CreateTopic | Create a topic | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${InstanceId}/* | Supported |
| DeleteBrokerNode | Delete unable broker node. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DeleteClusterSyncTask | DeleteClusterSyncTask | Operation level | * | Supported |
| DeleteConsumerGroup | Delete a consumer group | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DeleteConsumerOffset | Delete consumer offset. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DeleteInstance | Delete an instance | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DeleteInstanceEndpoint | Delete an endpoint | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DeleteMQTTAuthenticator | DeleteMQTTAuthenticator | Operation level | * | Supported |
| DeleteMQTTClientSubscription | DeleteMQTTClientSubscription | Operation level | * | Supported |
| DeleteMQTTInsInternalEndpoint | DeleteMQTTInsInternalEndpoint | Operation level | * | Supported |
| DeleteMQTTInsPublicEndpoint | DeleteMQTTInsPublicEndpoint | Operation level | * | Supported |
| DeleteMQTTInstance | DeleteMQTTInstance | Operation level | * | Supported |
| DeleteMQTTTopic | DeleteMQTTTopic | Operation level | * | Supported |
| DeleteMQTTUser | DeleteMQTTUser | Operation level | * | Supported |
| DeleteRole | Delete a role | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DeleteSmoothMigrationTask | Delete a smooth migration task | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DeleteTopic | Delet a topic | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${InstanceId}/${Topic} | Supported |
| DescribeNewOrderDetails | Describe order details for create instance. | Resource level | qcs::trocket:${region}:uin/${uin}:instance/* | Supported |
| DoHealthCheckOnMigratingTopic | Do health check on a migrating topic | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| ImportACLForSmoothMigration | Import ACL in a smooth migration task. | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| ImportSourceClusterConsumerGroups | Import consumer groups from migrating cluster | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| ImportSourceClusterTopics | Import topics from cluster which is in migration | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| ModifyBrokerNode | Modify broker node. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| ModifyClusterSyncTask | ModifyClusterSyncTask | Operation level | * | Supported |
| ModifyConsumerGroup | Modify a consumer group | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| ModifyInstance | Modify an instance | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyInstanceEndpoint | Modify an endpoint | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyInstancePayMode | Modify an instance pay mode. | Resource level | qcs::trocket::uin/${uin}:instance/${instanceId} | Supported |
| ModifyInstanceStatus | Modify an instance status | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${instanceId} | Supported |
| ModifyMQTTInsPublicEndpoint | ModifyMQTTInsPublicEndpoint | Operation level | * | Supported |
| ModifyMQTTInstance | ModifyMQTTInstance | Operation level | * | Supported |
| ModifyMQTTInstanceCertBinding | ModifyMQTTInstanceCertBinding | Operation level | * | Supported |
| ModifyMQTTJWKSAuthenticator | ModifyMQTTJWKSAuthenticator | Operation level | * | Supported |
| ModifyMQTTTopic | ModifyMQTTTopic | Operation level | * | Supported |
| ModifyMQTTUser | ModifyMQTTUser | Operation level | * | Supported |
| ModifyRole | Modify a role | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifySmoothMigrationTask | Modify a smooth migration task | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| ModifyTopic | modify topic | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${InstanceId}/${Topic} | Supported |
| PauseClusterSyncTask | PauseClusterSyncTask | Operation level | * | Supported |
| PublishMQTTMessage | PublishMQTTMessage | Operation level | * | Supported |
| RemoveMigratingTopic | Remove a migrating topic | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| RenewInstance | Renew an instance. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| ResendDeadLetterMessage | resend deadLetter message | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| ResetAllConsumerGroupOffset | reset all consume group offset | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | not supported |
| ResetConsumerGroupOffset | Reset consumer group offset | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| RestartClusterSyncTask | RestartClusterSyncTask | Operation level | * | Supported |
| RestoreInstance | Restore the RocketMQ cluster | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| RollbackMigratingTopicStage | Rollback migrating topic to previous stage | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| SendMessage | Send a message | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} | Supported |
| TerminatePerformanceTestJob | Terminate a performance job | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| VerifyMessageConsumption | Verify message consumption | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} | Supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckMQTTJWKSEndpointConnection | CheckMQTTJWKSEndpointConnection | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeBrokerStatus | Describe broker process status. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeChaosTask | Describe the running info of chaos task | Operation level | * | Supported |
| DescribeClusterSyncTaskDetail | DescribeClusterSyncTaskDetail | Operation level | * | Supported |
| DescribeConsumerClient | Describe a consumer client | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeConsumerClientLag | Describe a consumer client lag | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeConsumerClientList | Describe consumer clients | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeConsumerGroup | Describe a consumer group | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeConsumerLag | Describe a consumer lag number. | Resource level | qcs::trocket::uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeConsumerStack | describe consumer stack. | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${ClusterId}/${GroupId} | Supported |
| DescribeDetailedRoleList | Describe detailed role list for topic and group. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeInstance | Describe an instance | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeInstanceDeliveryProgress | Describe an instance delivery progress | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${instanceId} | Supported |
| DescribeInstanceFeatures | Describe Instance Features. | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeInstanceTopUsages | Describe instance usages | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${instanceId} | Supported |
| DescribeMQTTAuthenticator | DescribeMQTTAuthenticator | Operation level | * | Supported |
| DescribeMQTTClient | DescribeMQTTClient | Operation level | * | Supported |
| DescribeMQTTInsInternalEndpoint | DescribeMQTTInsInternalEndpoint | Operation level | * | Supported |
| DescribeMQTTInsPublicEndpoints | DescribeMQTTInsPublicEndpoints | Operation level | * | Supported |
| DescribeMQTTInsVPCEndpoints | DescribeMQTTInsVPCEndpoints | Operation level | * | Supported |
| DescribeMQTTInstance | DescribeMQTTInstance | Operation level | * | Supported |
| DescribeMQTTInstanceCert | DescribeMQTTInstanceCert | Operation level | * | Supported |
| DescribeMQTTInstanceRealtimeStats | DescribeMQTTInstanceRealtimeStats | Operation level | * | Supported |
| DescribeMQTTMessage | DescribeMQTTMessage | Operation level | * | Supported |
| DescribeMQTTTopic | DescribeMQTTTopic | Operation level | * | Supported |
| DescribeMessage | Describe a message | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeMessageList | Describe message list | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeMessageTrace | Describe message traces | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeMetadataSyncResult | DescribeMetadataSyncResult | Operation level | * | Supported |
| DescribeMetadataSyncState | DescribeMetadataSyncState | Operation level | * | Supported |
| DescribeMigratingGroupStats | Describe a consumer group realtime stats | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeMigratingTopicAccessInfo | Describe access info of a migrating topic | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeMigratingTopicList | Describe a list of migrating topics | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeMigratingTopicStats | Describe statistics of a migrating topic | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeMigrationEndpoints | Describe access endpoints of a migration task | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeMigrationTask | describe migration task | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${TaskId} | Supported |
| DescribeMigrationTaskList | describe migration task list | Operation level | * | Supported |
| DescribeModifyOrderDetails | Describe order details for modify instanc. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DescribePerformanceTestJob | Describe information of a performance test job | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribePerformanceTestJobMetric | Get metric list of a performance test job | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribePerformanceTestJobNodes | Get execution nodes information of a performance test job | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeProducerList | Describe producer list | Resource level | qcs::trocket::uin/${uin}:instance/${instanceId} | Supported |
| DescribeProductSKUs | Describe product skus | Operation level | * | Supported |
| DescribePurchaseConfig | Describe user purchase config | Operation level | * | Supported |
| DescribeRenewOrderDetails | Describe order details for renew instance. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
| DescribeRetryMessageList | describe rocketMQ retry message list | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${instanceId} | Supported |
| DescribeSmoothMigrationTask | Describe detail of a migration task | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeSourceClusterGroupList | Describe consume groups of source cluster | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeSourceClusterTopicList | Describe topics of source cluster | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeTopic | Describe a topic | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${InstanceId}/${Topic} | Supported |
| DescribeTopicListByGroup | Describe topic list by group | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeTopicQuota | Describe topic quota. | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeTopicStatisticalList | Describe topic type and count | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${instanceId} | Supported |
| ExportMessage | Export messages | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| QueryPriceRenewOrder | Query price for renew instance. | Resource level | qcs::trocket::uin/${uin}:instance/${InstanceId} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeClusterSyncTaskList | DescribeClusterSyncTaskList | Operation level | * | Supported |
| DescribeConsumerGroupList | Describe consumer group list | Resource level | qcs::trocket:${region}:uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeConsumerGroups | Describe ConsumerGroup List. | Resource level | qcs::trocket::uin/${uin}:consumerGroup/${InstanceId}/${ConsumerGroup} | Supported |
| DescribeFusionInstanceList | describe fusion instance list | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeFusionMigrationTaskList | describe fusion migration task list | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeInstanceList | Describe a list of instances | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeMQTTClientList | DescribeMQTTClientList | Operation level | * | Supported |
| DescribeMQTTInstanceList | DescribeMQTTInstanceList | Operation level | * | Supported |
| DescribeMQTTMessageList | DescribeMQTTMessageList | Operation level | * | Supported |
| DescribeMQTTProductSKUList | DescribeMQTTProductSKUList | Operation level | * | Supported |
| DescribeMQTTSubTopic | DescribeMQTTSubTopic | Operation level | * | Supported |
| DescribeMQTTSubscription | DescribeMQTTSubscription | Operation level | * | Supported |
| DescribeMQTTTopicList | DescribeMQTTTopicList | Operation level | * | Supported |
| DescribeMQTTUserList | DescribeMQTTUserList | Operation level | * | Supported |
| DescribePerformanceTestJobList | Get a list of performance test jobs | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeProductNews | Describe Product News | Operation level | * | Supported |
| DescribeRoleList | Describe role list | Resource level | qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeSmoothMigrationTaskList | Describe a list of smooth migration tasks | Resource level | qcs::trocket:${region}:uin/${uin}:taskId/${taskId} | Supported |
| DescribeTopicList | Describe topic list | Resource level | qcs::trocket:${region}:uin/${uin}:topic/${InstanceId}/${Topic} | Supported |
| DescribeTopics | Describe all topics. | Resource level | qcs::trocket::uin/${uin}:topic/${InstanceId}/${Topic} | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback