- What's New
- Function Overview
- Product Bulletin
-
Service Overview
- Infographics
- What Is DMS for RabbitMQ?
- Product Advantages
- Application Scenarios
- Specifications
- Comparing RabbitMQ, Kafka, and RocketMQ
- Comparing RabbitMQ AMQP-0-9-1 with Open-Source RabbitMQ
- Comparing RabbitMQ Versions
- Related Services
- Security
- Notes and Constraints
- Basic Concepts
- Exchanges
- Permissions Management
- Billing
- Getting Started
-
User Guide
- Process of Using RabbitMQ
- Permissions Management
- Buying a RabbitMQ Instance
- Configuring Virtual Hosts
- Accessing a RabbitMQ Instance
- Managing Messages
- Advanced Features
-
Managing Instances
- Viewing and Modifying Basic Information of a RabbitMQ Instance
- Viewing RabbitMQ Client Connection Addresses
- Managing RabbitMQ Instance Tags
- Configuring RabbitMQ Recycling Policies
- Resetting the RabbitMQ Instance Password
- Enabling RabbitMQ Plug-ins
- Exporting the RabbitMQ Instance List
- Deleting a RabbitMQ Instance
- Logging In to RabbitMQ Management UI
- Modifying RabbitMQ Instance Specifications
- Migrating RabbitMQ Services
- Testing Instance Performance
- Applying for Increasing RabbitMQ Quotas
- Viewing Metrics and Configuring Alarms
- Viewing RabbitMQ Audit Logs
-
Best Practices
- RabbitMQ Best Practices
- Automatic Recovery of a RabbitMQ Client from Network Exceptions
- Automatic Consumer Reconnection After a RabbitMQ Node Restart
- Improving RabbitMQ Performance
- Configuring Queue Load Balancing
- Deduplicating Messages Through Message Idempotence
- Suggestions on Using DMS for RabbitMQ Securely
- Developer Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- APIs V2 (Recommended)
- Permissions and Supported Actions
- Out-of-Date APIs
- Appendix
- Change History
- SDK Reference
-
FAQs
-
Instances
- What RabbitMQ Version Does DMS for RabbitMQ Use?
- What SSL Version Does DMS for RabbitMQ Use?
- Why Can't I View the Subnet and Security Group Information During Instance Creation?
- How Are Requests Evenly Distributed to Each VM of a Cluster RabbitMQ Instance?
- Do Queues Inside a Cluster RabbitMQ Instance Have Any Redundancy Backup?
- Does DMS for RabbitMQ Support Data Persistence? How Do I Perform Scheduled Data Backups?
- How Do I Obtain the Certificate After SSL Has Been Enabled?
- Can I Change the SSL Setting of a RabbitMQ Instance?
- Can RabbitMQ Instances Be Scaled Up?
- Does RabbitMQ Support Two-Way Authentication?
- Does DMS for RabbitMQ Support CPU and Memory Upgrades?
- How Do I Disable the RabbitMQ Management UI?
- Can I Change the AZ for an Instance?
- How Do I Obtain the Region ID?
- Why Can't I Select Two AZs?
- How to Change Single-node RabbitMQ Instances to Cluster Ones?
- Can I Change the VPC and Subnet After a RabbitMQ Instance Is Created?
-
Connections
- How Do I Configure a Security Group?
- Why Does a Client Fail to Connect to a RabbitMQ Instance?
- Does DMS for RabbitMQ Support Public Access?
- Does DMS for RabbitMQ Support Cross-Region Deployment?
- Do RabbitMQ Instances Support Cross-VPC Access?
- Do RabbitMQ Instances Support Cross-Subnet Access?
- What Should I Do If I Fail to Access a RabbitMQ Instance with SSL Encryption?
- Can I Access a RabbitMQ Instance Using DNAT?
- Why Can't I Open the Management Web UI?
- Can a Client Connect to Multiple Virtual Hosts of a RabbitMQ Instance?
- Why Does a RabbitMQ Cluster Have Only One Connection Address?
- Do RabbitMQ Instances Support the Ping Command?
- Messages
- Monitoring & Alarm
-
Instances
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Process of Using RabbitMQ
- Permissions Management
- Buying a RabbitMQ Instance
- Configuring Virtual Hosts
- Accessing a RabbitMQ Instance
- Managing Messages
- Advanced Features
-
Managing Instances
- Viewing and Modifying Basic Information of a RabbitMQ Instance
- Viewing RabbitMQ Client Connection Addresses
- Managing RabbitMQ Instance Tags
- Resetting the RabbitMQ Instance Password
- Enabling RabbitMQ Plug-ins
- Using the rabbitmq_tracing Plug-in
- Exporting the RabbitMQ Instance List
- Deleting a RabbitMQ Instance
- Logging In to RabbitMQ Management UI
- Modifying RabbitMQ Instance Specifications
- Migrating RabbitMQ Services
- Applying for Increasing RabbitMQ Quotas
- Viewing Metrics and Configuring Alarms
- Viewing RabbitMQ Audit Logs
-
FAQs
-
Instances
- What RabbitMQ Version Does DMS for RabbitMQ Use?
- What SSL Version Does DMS for RabbitMQ Use?
- Why Can't I View the Subnet and Security Group Information During Instance Creation?
- How Are Requests Evenly Distributed to Each VM of a Cluster RabbitMQ Instance?
- Do Queues Inside a Cluster RabbitMQ Instance Have Any Redundancy Backup?
- Does DMS for RabbitMQ Support Data Persistence? How Do I Perform Scheduled Data Backups?
- How Do I Obtain the Certificate After SSL Has Been Enabled?
- Can I Change the SSL Setting of a RabbitMQ Instance?
- Can RabbitMQ Instances Be Scaled Up?
- Does RabbitMQ Support Two-Way Authentication?
- Does DMS for RabbitMQ Support CPU and Memory Upgrades?
- How Do I Disable the RabbitMQ Management UI?
- Can I Change the AZ for an Instance?
- How Do I Obtain the Region ID?
- Why Can't I Select Two AZs?
- How to Change Single-node RabbitMQ Instances to Cluster Ones?
- Can I Change the VPC and Subnet After a RabbitMQ Instance Is Created?
-
Connections
- How Do I Configure a Security Group?
- Why Does a Client Fail to Connect to a RabbitMQ Instance?
- Does DMS for RabbitMQ Support Public Access?
- Does DMS for RabbitMQ Support Cross-Region Deployment?
- Do RabbitMQ Instances Support Cross-VPC Access?
- Do RabbitMQ Instances Support Cross-Subnet Access?
- What Should I Do If I Fail to Access a RabbitMQ Instance with SSL Encryption?
- Can I Access a RabbitMQ Instance Using DNAT?
- Why Can't I Open the Management Web UI?
- Can a Client Connect to Multiple Virtual Hosts of a RabbitMQ Instance?
- Why Does a RabbitMQ Cluster Have Only One Connection Address?
- Messages
- Monitoring & Alarm
-
Instances
- Change History
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Permissions Management
- Preparing the Environment
- Buying an Instance
- Accessing a RabbitMQ Instance
- Operating RabbitMQ Instances
- Quotas
- Monitoring
- Auditing
-
FAQs
-
Instances
- What RabbitMQ Version Does DMS for RabbitMQ Use?
- What SSL Version Does DMS for RabbitMQ Use?
- Why Can't I View the Subnet and Security Group Information During Instance Creation?
- What If One RabbitMQ VM Fails to Be Restarted When a Cluster RabbitMQ Instance Is Being Restarted?
- How Are Requests Evenly Distributed to Each VM of a Cluster RabbitMQ Instance?
- Do Queues Inside a Cluster RabbitMQ Instance Have Any Redundancy Backup?
- Does DMS for RabbitMQ Support Data Persistence? How Do I Perform Scheduled Data Backups?
- How Do I Obtain the Certificate After SSL Has Been Enabled?
- Can I Change the SSL Setting of a RabbitMQ Instance?
- Can RabbitMQ Instances Be Scaled Up?
- Does DMS for RabbitMQ Support MQTT?
- How Do I Clear Queue Data?
- Does DMS for RabbitMQ Support CPU and Memory Upgrades?
- How Do I Disable the RabbitMQ Management UI?
- Can I Change the AZ for an Instance?
-
Connections
- How Do I Configure a Security Group?
- Why Does a Client Fail to Connect to a RabbitMQ Instance?
- Does DMS for RabbitMQ Support Public Access?
- Does DMS for RabbitMQ Support Cross-Region Deployment?
- Does DMS for RabbitMQ Support Cross-VPC Access?
- Does DMS for RabbitMQ Support Cross-Subnet Access?
- What Should I Do If I Fail to Access a RabbitMQ Instance with SSL Encryption?
- Can I Access a RabbitMQ Instance Using DNAT?
- Why Can't I Open the Management Web UI?
- Can a Client Connect to Multiple Virtual Hosts of a RabbitMQ Instance?
- Why Does a RabbitMQ Cluster Have Only One Connection Address?
- Plug-ins
- Messages
- Monitoring & Alarm
-
Instances
- Change History
- API Reference (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Permissions and Supported Actions
This chapter describes fine-grained permissions management for your RabbitMQ instances. If your account does not need individual IAM users, then you may skip over this chapter.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
You can use policies to allow or deny access to specific APIs.
An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users that have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user creates a RabbitMQ instance using an API, the user must have been granted permissions that allow the dms:instance:create action.
Supported Actions
DMS provides system-defined policies, which can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. Operations supported by policies are specific to APIs. The following are basic concepts related to policies:
- Permission: A statement in a policy that allows or denies certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- IAM projects or enterprise projects: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management.
DMS for RabbitMQ supports the following actions that can be defined in custom policies. Permissions must be obtained before calling DMS APIs. For details on how to obtain permissions, visit the Identity and Access Management help center.
Permissions |
APIs |
Actions |
IAM Projects |
Enterprise Projects |
---|---|---|---|---|
Creating an Instance |
POST /v2/{project_id}/instances |
dms:instance:create |
√ |
√ |
Deleting an Instance |
DELETE /v2/{project_id}/instances/{instance_id} |
dms:instance:delete |
√ |
√ |
Modifying an Instance |
PUT /v2/{project_id}/instances/{instance_id} |
dms:instance:modify |
√ |
√ |
Querying an Instance |
GET /v2/{project_id}/instances/{instance_id} |
dms:instance:get |
√ |
√ |
Deleting Instances in Batches |
POST /v2/{project_id}/instances/action |
dms:instance:delete |
√ |
√ |
Listing All Instances |
GET /v2/{project_id}/instances |
dms:instance:list |
√ |
√ |
Listing Plug-ins |
GET /v2/{project_id}/instances/{instance_id}/rabbitmq/plugins |
dms:instance:list |
√ |
√ |
Enabling or Disabling a Plug-in |
PUT /v2/{project_id}/instances/{instance_id}/rabbitmq/plugins |
dms:instance:modify |
√ |
√ |
Resetting a Password |
POST /v2/{project_id}/instances/{instance_id}/password |
dms:instance:resetAuthInfo |
√ |
√ |
Modifying Instance Specifications |
POST /v2/{project_id}/instances/{instance_id}/extend |
dms:instance:scale |
√ |
√ |
Listing Background Tasks |
GET /v2/{project_id}/instances/{instance_id}/tasks |
dms:instance:getBackgroundTask |
√ |
√ |
Querying a Background Task |
GET /v2/{project_id}/instances/{instance_id}/tasks/{task_id} |
dms:instance:getBackgroundTask |
√ |
√ |
Deleting a Background Task |
GET /v2/{project_id}/instances/{instance_id}/tasks/{task_id} |
dms:instance:deleteBackgroundTask |
√ |
√ |
Adding or Deleting Instance Tags in Batches |
POST /v2/{project_id}/rabbitmq/{instance_id}/tags/action |
dms:instance:modify |
√ |
√ |
Listing Tags of an Instance |
GET /v2/{project_id}/rabbitmq/{instance_id}/tags |
dms:instance:get |
√ |
√ |
Querying Project Tags |
GET /v2/{project_id}/rabbitmq/tags |
dms:instance:get |
√ |
√ |
Enabling or Disabling Public Access |
PUT /v2/{project_id}/instances/{instance_id} |
dms:instance:modify |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot