tencent cloud

TDMQ for RocketMQ

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Introduction and Selection of the TDMQ Product Series
What Is TDMQ for RocketMQ
Strengths
Scenarios
Product Series
Comparison with Open-Source RocketMQ
High Availability
Quotas and Limits
Supported Regions
Basic Concepts
Billing
Billing Overview
Pricing
Billing Examples
Pay-as-you-go Switch to Monthly Subscription (5.x)
Renewal
Viewing Consumption Details
Refund
Overdue Payments
Getting Started
Getting Started Guide
Preparations
Step 1: Creating TDMQ for RocketMQ Resources
Step 2: Using the SDK to Send and Receive Messages (Recommended)
Step 2: Running the TDMQ for RocketMQ Client (Optional)
Step 3: Querying Messages
Step 4: Deleting Resources
User Guide
Usage Process Guide
Configuring Account Permissions
Creating the Cluster
Configuring the Namespace
Configuring the Topic
Configuring the Group
Connecting to the Cluster
Managing Messages
Managing the Cluster
Viewing Monitoring Data and Configuring Alarms
Cross-Cluster Message Replication
Use Cases
Naming Conventions for Common Concepts of TDMQ for RocketMQ
RocketMQ Client Use Cases
RocketMQ Performance Load Testing and Capacity Assessment
Access over HTTP
Client Risk Descriptions and Update Guide
Migration Guide for TencentCloud API Operations Related to RocketMQ 4.x Cluster Roles
Migration Guide
Disruptive Migration
Seamless Migration
Developer Guide
Message Types
Message Filtering
Message Retries
POP Consumption Mode (5.x)
Clustering Consumption and Broadcasting Consumption
Subscription Relationship Consistency
Traffic Throttling
​​API Reference(5.x)
History
API Category
Making API Requests
Topic APIs
Consumer Group APIs
Message APIs
Role Authentication APIs
Hitless Migration APIs
Cloud Migration APIs
Cluster APIs
Data Types
Error Codes
​​API Reference(4.x)
SDK Reference
SDK Overview
5.x SDK
4.x SDK
Security and Compliance
Permission Management
CloudAudit
Deletion Protection
FAQs
4.x Instance FAQs
Agreements
TDMQ for RocketMQ Service Level Agreement
Contact Us
DocumentaçãoTDMQ for RocketMQUser GuideConfiguring Account PermissionsGranting Access Permissions to Sub-accountsGranting Resource-Level Permissions to Sub-accounts

Granting Resource-Level Permissions to Sub-accounts

PDF
Modo Foco
Tamanho da Fonte
Última atualização: 2026-01-23 17:34:03

Scenarios

You can grant TDMQ for RocketMQ resources owned by a root account to its sub-accounts through the policy feature in the Cloud Access Management (CAM) console. A sub-account that obtains permissions can use the resources. This document describes how to grant permissions for resources in a cluster to a sub-account. The operation steps for other types of resources are similar.

Prerequisites

A sub-account has been created for an employee using the Tencent Cloud root account. For detailed operations, see Creating a Sub-account.
At least one TDMQ for RocketMQ cluster is available.

Operation Steps

Step 1: Obtaining the Resource ID of the TDMQ for RocketMQ Cluster

1. Use the root account to log in to the TDMQ for RocketMQ console.
2. In the left sidebar, select Cluster, select a region, and copy the ID of the target cluster.


Step 2: Creating an Authorization Policy

1. Log in to the CAM console.
2. In the left sidebar, select Policies, click Create a custom policy, and select Create by policy builder for the policy creation method.
3. In the visualized policy generator, keep Effect as Allow, and select the Service. The service is selected as follows:
4.x version: Enter tdmq for filtering, and select TDMQ from the results.
5.x version: Enter trocket for filtering, and select RocketMQ (trocket) from the results.
4. Select All actions for Action. You can also select an appropriate operation type based on actual business requirements.
Note:
Certain APIs do not support resource authorization temporarily. For the APIs that support resource authorization, those displayed on the console page shall prevail.
5. Select Specific Resource for Resource, and locate the instance resource type. You can select Any resource of this type (authorize all cluster resources) on the right, or click Add a six-segment resource description (authorize specific cluster resources). In the pop-up sidebar dialog box, specify Cluster ID of the resource.

6. In the Condition section, select whether to specify the source IP addresses based on actual business requirements. After source IP addresses are specified, access to the specified operation is allowed only when requests come from the specified IP addresses.
Click Next and set the policy name. The policy name is automatically generated by the console and is set to policygen by default, with a suffix number generated based on the creation date. You can customize it.
7. Click Select User or User Group to grant resource permissions.

8. Click Completed. The sub-account granted resource permissions can access relevant resources.

Anterior: Granting Operation-Level Permissions to Sub-accountsPróximo: Granting Tag-Level Permissions to Sub-accounts

Ajuda e Suporte

Esta página foi útil?

comentários