:Perform RBAC-based access control

Background information

RBAC is role-based, whereas access control lists (ACLs) are permission-based. Therefore, RBAC is more suitable than ACLs for granting permissions to and revoking permissions from multiple users at a time.

You can use one of the following methods to perform RBAC-based access control in ApsaraMQ for Confluent:

• Use ApsaraMQ for Confluent Control Center. This topic describes this method in detail.

• Use the Confluent CLI. For more information, see Use the Confluent CLI to manage RBAC permissions.

Perform RBAC-based access control in Control Center

1. Log on to the ApsaraMQ for Confluent console. In the left-side navigation pane, click Instances.

2. On the Instances page, click the name of the instance that you want to manage.

3. In the upper-right corner of the Instance Details page, click Log On to Console.

4. In the upper right corner of the page that appears, choose > Manage role assignments.

5. On the Roles tab, grant permissions to the built-in roles provided by Confluent based on your business requirements.

   Important

   You can grant permissions only to the built-in roles provided by Confluent.

   

6. Click the Assignments tab and then select the type of resource on which you want to grant permissions. The resource types include cluster, group, topic, and transaction ID.

7. Click Add role assignment. On the Add role assignment page, create an authorization principal and assign a role to the principal.

   Example: You can grant permissions on all transaction IDs to a principal named ksql. To do so, set the Resource ID parameter to an asterisk (*) that specifies all resources and set the Pattern type parameter to Literal. Otherwise, RBAC permissions do not take effect.