Configuring RocketMQ ACL Users
To produce messages to and consume messages from a RocketMQ instance with ACL enabled, add ACL users. You can create multiple users and assign different topic and consumer group permissions to them.
Prerequisites
- A RocketMQ instance has been purchased.
- ACL has been enabled.
Creating a User
- Log in to the console.
- Click in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- In the navigation pane, choose Users.
- Click Create User.
- Configure the user's name and other parameters by referring to Table 1.
Table 1 User parameters
Parameter
Description
Name
Name of the user.
A username must meet the following requirements:
- Contains 7 to 64 characters.
- Only letters, digits, hyphens (-), and underscores (_) are allowed. The value must start with a letter.
- The name must be unique.
The name cannot be changed after the user is created.
IP Whitelist
Users from whitelisted IP addresses have publish/subscribe permissions for all topics and consumer groups, and their secret keys will not be verified.
The IP whitelist can be set to specific IP addresses or network segments.
- Use commas (,) to separate multiple IP addresses, for example, 192.168.1.2,192.168.2.3.
- IP network segment, for example, 192.*.*.*.
Administrator
A user configured as the administrator will have publish/subscribe permissions for all topics and consumer groups.
Unavailable for v5.x basic edition.
Default Topic Permissions
Specifies the default topic permission of a user.
Options:
- None: The topic is disabled.
- Publish: Users can only send messages to the topic.
- Subscribe: Users can only consume messages from the topic.
- Publish/Subscribe: Users can send messages to or consume them from the topic.
The default permissions will be overwritten by the permissions configured for specific topics, if any. For example, if Default Topic Permissions is set to Subscribe, but a topic is configured with the Publish/Subscribe permissions, the topic's actual permissions will be Publish/Subscribe.
Unavailable for v5.x basic edition.
Default Consumer Group Permissions
Specifies the default consumer group permission of a user.
Options:
- None: The consumer group is disabled.
- Subscribe: The consumer group is enabled.
The default permissions will be overwritten by the permissions configured for specific consumer groups, if any. For example, if a consumer group is configured with the None permissions, the user will not have permissions for the consumer group, even if Default Consumer Group Permissions is set to Subscribe.
Unavailable for v5.x basic edition.
Secret Key
The user's secret key.
The key setting rules are as follows:
- Contains 8 to 32 characters.
- Cannot start with a hyphen (-).
- Contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters `~!@#$%^&*()-_=+\|[{}];:'",<.>/?
- Cannot be the username or the username spelled backwards.
- Click OK.
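The name and secret key rules in Table 1 can be checked before a user is submitted, for example in a provisioning script. The following Python is an added example, not code from the DMS documentation; the function names are hypothetical, and it assumes exact (case-sensitive) comparison between key and username because the page does not say otherwise.

```python
import re

# Special characters listed for the Secret Key parameter in Table 1.
SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?")

def check_username(name):
    """Return the Table 1 rules the name breaks (empty list = acceptable).
    Uniqueness is enforced by the service and is not checked here."""
    problems = []
    if not 7 <= len(name) <= 64:
        problems.append("length must be 7 to 64")
    if not re.match(r"[A-Za-z]", name):
        problems.append("must start with a letter")
    if not re.fullmatch(r"[A-Za-z0-9_-]*", name):
        problems.append("only letters, digits, '-' and '_' allowed")
    return problems

def check_secret_key(key, username):
    """Return the Table 1 rules the secret key breaks (empty list = acceptable)."""
    problems = []
    if not 8 <= len(key) <= 32:
        problems.append("length must be 8 to 32")
    if key.startswith("-"):
        problems.append("must not start with '-'")
    # Count how many of the four character types appear in the key.
    types_present = sum([
        any(c.isascii() and c.isupper() for c in key),
        any(c.isascii() and c.islower() for c in key),
        any(c.isascii() and c.isdigit() for c in key),
        any(c in SPECIALS for c in key),
    ])
    if types_present < 3:
        problems.append("needs at least three character types")
    # Exact comparison; case handling is not stated on the page (assumption).
    if key in (username, username[::-1]):
        problems.append("must not be the username or its reverse")
    return problems

# Constructed sample values, not real credentials.
if __name__ == "__main__":
    print(check_username("order-svc_01"))
    print(check_secret_key("10_cvs-redro", "order-svc_01"))
```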
(Optional) Assigning Topic or Consumer Group Permissions to a User
Users are created with default topic and consumer group permissions. To modify the default permissions, reset them here. By default, the administrator has all permissions.
Unavailable for v5.x basic edition.
- Click a user to go to the user details page.
- On the Topic Permissions or Consumer Group Permissions tab page, click Add.
- Select desired topics or consumer groups, select the required permissions, and click OK.
These permissions overwrite the default permissions. For example, in Figure 1, the user ends up with publish/subscribe permissions for topic test01.
The following operations can also be performed on the Topic Permissions or Consumer Group Permissions tab page.
- Exporting the topic or consumer group list: Choose Export > Export all data to an XLSX file or Export > Export selected data to an XLSX file.
- Deleting topics or consumer groups in either of the following ways:
- In the row containing the topic or consumer group to be deleted, click Delete.
- Select the topics or consumer groups to be deleted and click Delete in the upper left corner.
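How the settings in Table 1 combine for a single request can be modeled when reviewing an exported user list. The following Python is an added example, not the service's implementation: the class and function names are hypothetical, and the evaluation order (IP whitelist, then administrator, then per-topic permission, then default) is an assumption derived from the statements on this page. Consumer group permissions would resolve the same way.

```python
from dataclasses import dataclass, field

FULL = "Publish/Subscribe"

@dataclass
class AclUser:
    name: str
    ip_whitelist: list = field(default_factory=list)
    admin: bool = False
    default_topic_perm: str = "None"
    topic_perms: dict = field(default_factory=dict)  # per-topic overrides

def ip_matches(entry, ip):
    """True if an IPv4 address equals the entry or fits its '*' segments."""
    e, a = entry.split("."), ip.split(".")
    return len(e) == len(a) == 4 and all(x in ("*", y) for x, y in zip(e, a))

def effective_topic_perm(user, topic, client_ip):
    """Return (permission, secret_key_verified) for one client request."""
    if any(ip_matches(e, client_ip) for e in user.ip_whitelist):
        return FULL, False   # whitelisted source: all topics, key not verified
    if user.admin:
        return FULL, True    # administrator: all topics
    # A per-topic permission overrides the user's default.
    return user.topic_perms.get(topic, user.default_topic_perm), True

def whitelist_exposure(user):
    """Map each whitelist entry to the number of addresses that skip key checks."""
    return {e: 256 ** e.split(".").count("*") for e in user.ip_whitelist}

# Constructed sample user; the topic name test01 is the one used on this page.
SAMPLE = AclUser(
    name="order-svc_01",
    ip_whitelist=["192.168.1.2", "192.*.*.*"],
    default_topic_perm="Subscribe",
    topic_perms={"test01": FULL},
)

if __name__ == "__main__":
    for topic, ip in [("test01", "10.0.0.5"), ("other", "10.0.0.5"), ("other", "192.7.7.7")]:
        print(topic, ip, effective_topic_perm(SAMPLE, topic, ip))
    print(whitelist_exposure(SAMPLE))
```

A segment entry such as 192.*.*.* lets over sixteen million source addresses publish and subscribe without a secret key check, so whitelist entries deserve the same review as administrator flags.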
Accessing the Server as a User
After ACL is enabled for an instance, user authentication information must be added to both the producer and consumer configurations. For details, see the following instructions:
Modifying User Information
- Log in to the console.
- Click in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the navigation pane, choose Users.
- In the row containing the desired user, click Edit.
- Modify the user information as required.
Usernames cannot be changed. For other parameters, see Table 1.
- Click OK.
Exporting Users
- Log in to the console.
- Click in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the navigation pane, choose Users.
- Export the user list in either of the following ways:
- Select the desired users and choose Export > Export selected data to an XLSX file to export specified users.
- Choose Export > Export all data to an XLSX file to export all users.
Deleting a User
Deleting a user will remove its authorization relationship and disconnect it from the instance.
- Log in to the console.
- Click in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the navigation pane, choose Users.
- In the row containing the desired user, click Delete.
- Click OK.