Creating a User
Scenario
RocketMQ instances support ACL-based permission control. You can create multiple users and assign different topic and consumer group permissions to them.
Prerequisites
A RocketMQ instance has been created.
Step 1: Enable ACL
- Log in to the management console.
- Click in the upper left corner to select a region.
Select the region where your RocketMQ instance is located.
- Click and choose Application > Distributed Message Service for RocketMQ to open the console of DMS for RocketMQ.
- Click a RocketMQ instance to go to the instance details page.
- In the Connection area, click next to ACL to enable ACL.
Enabling ACL will disconnect clients without authentication configuration.
Step 2: Create a User
- In the navigation pane, choose Users.
- Click Create User.
- Configure the user's name and other parameters by referring to Table 1.
Table 1 User parameters Parameter
Description
Name
Name of the user.
The name cannot be changed after the user is created.
IP Whitelist
Users from whitelisted IP addresses have publish/subscribe permissions for all topics and consumer groups, and their secret keys will not be verified.
The IP whitelist can be set to specific IP addresses or network segments. Example: 192.168.1.2,192.168.2.3 or 192.*.*.*
Administrator
A user configured as the administrator will have publish/subscribe permissions for all topics and consumer groups.
Default Topic Permissions
The user's default permissions for topics.
The default permissions will be overwritten by the permissions configured for specific topics, if any. For example, if Default Topic Permissions is set to Subscribe, but a topic is configured with the Publish/Subscribe permissions, the topic's actual permissions will be Publish/Subscribe.
Default Consumer Group Permissions
The user's default permissions for consumer groups.
The default permissions will be overwritten by the permissions configured for specific consumer groups, if any. For example, if a consumer group is configured with the None permissions, the user will not have permissions for the consumer group, even if Default Consumer Group Permissions is set to Subscribe.
Secret Key
The user's secret key.
- Click OK.
(Optional) Step 3: Configure Permissions for a Specific Topic or Consumer Group
- Click a user to go to the user details page.
- On the Topic Permissions or Consumer Group Permissions tab page, click Add.
- Select desired topics or consumer groups, select the required permissions, and click OK.
These permissions overwrite the default permissions. For example, in Figure 1, users finally have publish/subscribe permissions for topic test01.
Step 4: Access the Server as a User
After ACL is enabled for an instance, user authentication information must be added to both the producer and consumer configurations. For details, see the following instructions:
- Section "Java" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide
- Section "Go" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide
- Section "Python" > "Controlling Access with ACL" in Distributed Message Service for RocketMQ Developer Guide
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot