Configuring RocketMQ ACL Users
Scenario
RocketMQ instances support ACL-based permission isolation among users. You can create multiple users, and grant topic and consumption permissions to them.
Prerequisites
- A RocketMQ instance has been purchased.
- ACL has been enabled.
Creating a User
- Log in to the console.
- Click the region icon in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click the service list icon and choose Middleware > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- In the navigation pane, choose Users.
- Click Create User.
- Configure the user's name and other parameters by referring to Table 1.
Table 1 User parameters

| Parameter | Description |
|---|---|
| Name | Name of the user. The name cannot be changed after the user is created. |
| IP Whitelist | Users from whitelisted IP addresses have publish/subscribe permissions for all topics and consumer groups, and their secret keys will not be verified. The IP whitelist can be set to specific IP addresses or network segments. Example: 192.168.1.2,192.168.2.3 or 192.*.*.* |
| Administrator | A user configured as the administrator will have publish/subscribe permissions for all topics and consumer groups. |
| Default Topic Permissions | The user's default permissions for topics. The default permissions will be overwritten by the permissions configured for specific topics, if any. For example, if Default Topic Permissions is set to Subscribe, but a topic is configured with the Publish/Subscribe permissions, the topic's actual permissions will be Publish/Subscribe. |
| Default Consumer Group Permissions | The user's default permissions for consumer groups. The default permissions will be overwritten by the permissions configured for specific consumer groups, if any. For example, if a consumer group is configured with the None permissions, the user will not have permissions for the consumer group, even if Default Consumer Group Permissions is set to Subscribe. |
| Secret Key | The user's secret key. |
- Click OK.
(Optional) Setting Special Permissions for a Specified Topic or Consumer Group
- Click a user to go to the user details page.
- On the Topic Permissions or Consumer Group Permissions tab page, click Add.
- Select desired topics or consumer groups, select the required permissions, and click OK.
These permissions overwrite the default permissions. For example, in Figure 1, the user ends up with publish/subscribe permissions for topic test01.
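The precedence rules from Table 1 and the override described above, modelled as an added Python example (not code from the service or its documentation). The field names, the user app01 and the group group01 are constructed, and checking the IP whitelist and administrator flag before per-resource permissions is an assumption of this model.

```python
# Added example: models the rules in Table 1; not the service's own code.
# USER is a constructed sample and its field names are this example's own.
USER = {
    "name": "app01",
    "ip_whitelist": "192.168.1.2,192.*.*.*",
    "admin": False,
    "default_topic_perm": "Subscribe",
    "default_group_perm": "Subscribe",
    "topic_perms": {"test01": "Publish/Subscribe"},
    "group_perms": {"group01": "None"},
}

def _entries(user):
    """Split the comma-separated whitelist into trimmed, non-empty entries."""
    return [e.strip() for e in user.get("ip_whitelist", "").split(",") if e.strip()]

def ip_matches(entry, ip):
    """Compare octet by octet; '*' in the entry matches any octet."""
    e, i = entry.split("."), ip.split(".")
    return len(e) == len(i) == 4 and all(a in ("*", b) for a, b in zip(e, i))

def effective_permission(user, kind, name, client_ip):
    """kind is 'topic' or 'group'. Returns (permission, rule that decided it)."""
    # Assumption: whitelist and administrator are checked before per-resource rules.
    if any(ip_matches(e, client_ip) for e in _entries(user)):
        return "Publish/Subscribe", "ip-whitelist"  # secret key is not verified
    if user.get("admin"):
        return "Publish/Subscribe", "administrator"
    specific = user.get(kind + "_perms", {})
    if name in specific:                   # a specific setting replaces the default,
        return specific[name], "specific"  # whether it is broader or narrower
    return user["default_" + kind + "_perm"], "default"

def whitelist_reach(user):
    """IPv4 addresses covered by each entry: every '*' octet multiplies by 256."""
    return {e: 256 ** e.split(".").count("*") for e in _entries(user)}

if __name__ == "__main__":
    for kind, name, ip in [("topic", "test01", "10.0.0.5"),
                           ("topic", "orders", "10.0.0.5"),
                           ("group", "group01", "10.0.0.5"),
                           ("group", "group01", "192.10.20.30")]:
        print(kind, name, ip, effective_permission(USER, kind, name, ip))
    print(whitelist_reach(USER))
```

The last lookup is the one to audit for: under this model a client inside 192.*.*.* reaches group01 despite its None setting, and does so without a secret key check.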
Accessing the Server as a User
After ACL is enabled for an instance, user authentication information must be added to both the producer and consumer configurations. For details, see the following instructions:
Modifying User Information
- Log in to the console.
- Click the region icon in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click the service list icon and choose Middleware > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the navigation pane, choose Users.
- In the row containing the desired user, click Edit.
- Modify the information shown in Table 2 as required.
Table 2 User parameters

| Parameter | Description |
|---|---|
| IP Whitelist | Users from whitelisted IP addresses have publish/subscribe permissions for all topics and consumer groups, and their secret keys will not be verified. The IP whitelist can be set to specific IP addresses or network segments. Example: 192.168.1.2,192.168.2.3 or 192.*.*.* |
| Administrator | A user configured as the administrator will have publish/subscribe permissions for all topics and consumer groups. |
| Default Topic Permissions | The user's default permissions for topics. The default permissions will be overwritten by the permissions configured for specific topics, if any. For example, if Default Topic Permissions is set to Subscribe, but a topic is configured with the Publish/Subscribe permissions, the topic's actual permissions will be Publish/Subscribe. |
| Default Consumer Group Permissions | The user's default permissions for consumer groups. The default permissions will be overwritten by the permissions configured for specific consumer groups, if any. For example, if a consumer group is configured with the None permissions, the user will not have permissions for the consumer group, even if Default Consumer Group Permissions is set to Subscribe. |
| Secret Key | The user's secret key. |
- Click OK.
Deleting a User
Deleting a user will remove its authorization relationship and disconnect it from the instance.
- Log in to the console.
- Click the region icon in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click the service list icon and choose Middleware > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the navigation pane, choose Users.
- In the row containing the desired user, click Delete.
- Click OK.