This topic describes two access control mechanisms supported by Message Queue for Apache Kafka : Resource Access Management (RAM) and access control list (ACL).

Access control mechanism Description Documentation
RAM RAM is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can only grant permissions to RAM users in the Message Queue for Apache Kafka console or by using the API operations. No matter whether RAM users are authorized or not, RAM users can use SDKs to send and receive messages. For more information, see What is RAM?.
ACL The ACL feature is provided by Message Queue for Apache Kafka to manage the permissions of Simple Authentication and Security Layer (SASL) users and clients to send and receive messages by using SDKs. This is consistent with the ACL feature in open source Apache Kafka. The ACL feature is only applicable to scenarios where you want to implement access control for users that use SDKs to send and receive messages. This feature is not applicable to scenarios where you want to implement access control for users that send and receive messages in the Message Queue for Apache Kafka console or by using API operations. For more information, see Authorization and ACLs. Authorize SASL users