Help Center> Distributed Message Service for RocketMQ> User Guide> Permission Management> Creating a User and Granting DMS for RocketMQ Permissions
Updated on 2023-03-24 GMT+08:00

Creating a User and Granting DMS for RocketMQ Permissions

This section describes how to use Identity and Access Management (IAM) for fine-grained permissions control for your Distributed Message Service (DMS) for RocketMQ resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DMS for RocketMQ resources.
  • Manage permissions on a principle of least permissions (PoLP) basis.
  • Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your DMS for RocketMQ resources.

If your Huawei Cloud account does not need IAM, skip this section.

This section describes the procedure for granting permissions (see Figure 1).


Learn about the permissions (see Permissions Management) supported by DMS for RocketMQ and choose policies or roles according to your requirements. For the system policies of other services, see System Permissions.

Process Flow

Figure 1 Process for granting DMS for RocketMQ permissions

  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and assign the DMS ReadOnlyAccess policy to the group.

  2. Create a user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in as the created user and verify permissions.

    Log in to the DMS for RocketMQ console using the user you just created, and verify that the user has the administrator permissions for DMS for RocketMQ.