Updated on 2024-04-08 GMT+08:00

Creating a User

Scenario

RocketMQ instances support ACL-based permission control. You can create multiple users and assign different topic and consumer group permissions to them.

Prerequisites

A RocketMQ instance has been purchased.

Step 1: Enable ACL

  1. Log in to the management console.
  2. Click in the upper left corner to select a region.

    Select the region where your RocketMQ instance is located.

  3. Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
  4. Click a RocketMQ instance to go to the instance details page.
  5. In the Connection area, click next to ACL to enable ACL.

    Enabling ACL disconnects clients that have no authentication information configured.

Step 2: Create a User

  1. In the navigation pane, choose Users.
  2. Click Create User.
  3. Configure the user's name and other parameters by referring to Table 1.

    Table 1 User parameters

    | Parameter | Description |
    | --- | --- |
    | Name | Name of the user. The name cannot be changed after the user is created. |
    | IP Whitelist | Users from whitelisted IP addresses have publish/subscribe permissions for all topics and consumer groups, and their secret keys will not be verified. The IP whitelist can be set to specific IP addresses or network segments. Example: 192.168.1.2,192.168.2.3 or 192.*.*.* |
    | Administrator | A user configured as the administrator will have publish/subscribe permissions for all topics and consumer groups. |
    | Default Topic Permissions | The user's default permissions for topics. The default permissions will be overwritten by the permissions configured for specific topics, if any. For example, if Default Topic Permissions is set to Subscribe, but a topic is configured with the Publish/Subscribe permissions, the topic's actual permissions will be Publish/Subscribe. |
    | Default Consumer Group Permissions | The user's default permissions for consumer groups. The default permissions will be overwritten by the permissions configured for specific consumer groups, if any. For example, if a consumer group is configured with the None permissions, the user will not have permissions for the consumer group, even if Default Consumer Group Permissions is set to Subscribe. |
    | Secret Key | The user's secret key. |

  4. Click OK.

(Optional) Step 3: Configure Permissions for a Specific Topic or Consumer Group

  1. Click a user to go to the user details page.
  2. On the Topic Permissions or Consumer Group Permissions tab page, click Add.
  3. Select desired topics or consumer groups, select the required permissions, and click OK.

    These permissions overwrite the default permissions. For example, in Figure 1, the user ends up with publish/subscribe permissions for topic test01.

    Figure 1 User details page
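
The rules in Table 1 and Step 3 decide together which permission a client actually gets. The following Python model is an added example, not code from DMS for RocketMQ: it resolves the effective permission for one topic or consumer group and lists wildcard whitelist entries for review. The `User` fields, the function names, the octet-wise wildcard matching and the order in which whitelist and administrator are checked are assumptions; the permission names follow the wording on this page.

```python
# Added example: models the permission rules stated in Table 1 and Step 3.
# Field names and wildcard-matching semantics are assumptions, not DMS code.
from dataclasses import dataclass, field

PUB_SUB, SUB, NONE = "Publish/Subscribe", "Subscribe", "None"


@dataclass
class User:
    name: str
    ip_whitelist: str = ""            # e.g. "192.168.1.2,192.168.2.3" or "192.*.*.*"
    administrator: bool = False
    default_topic_perm: str = NONE
    default_group_perm: str = NONE
    topic_perms: dict = field(default_factory=dict)   # per-topic overrides
    group_perms: dict = field(default_factory=dict)   # per-group overrides


def ip_whitelisted(user: User, client_ip: str) -> bool:
    """Octet-wise match; '*' matches any octet (assumed semantics)."""
    octets = client_ip.split(".")
    for entry in filter(None, (e.strip() for e in user.ip_whitelist.split(","))):
        pattern = entry.split(".")
        if len(pattern) == len(octets) == 4 and all(
            p in ("*", o) for p, o in zip(pattern, octets)
        ):
            return True
    return False


def effective_permission(user: User, kind: str, resource: str, client_ip: str) -> str:
    """kind is 'topic' or 'group'. Returns the permission the rules yield."""
    # Whitelisted source IPs (no secret-key check) and administrators get
    # publish/subscribe on everything; checked first (assumed order).
    if ip_whitelisted(user, client_ip) or user.administrator:
        return PUB_SUB
    specific, default = (
        (user.topic_perms, user.default_topic_perm) if kind == "topic"
        else (user.group_perms, user.default_group_perm)
    )
    # A permission set on a specific resource overwrites the default, even "None".
    return specific.get(resource, default)


def broad_whitelist_entries(user: User) -> list:
    """Audit helper: wildcard entries skip secret-key checks for a whole range."""
    return [e.strip() for e in user.ip_whitelist.split(",") if "*" in e]
```

Running `broad_whitelist_entries` over every user before ACL is enabled shows which entries would let an entire network segment connect with full permissions and no secret key.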

Step 4: Access the Server as a User

After ACL is enabled for an instance, user authentication information must be added to both the producer and consumer configurations. For details, see the following instructions:

  • Section "Java" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide
  • Section "Go" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide
  • Section "Python" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide