edit-icon download-icon

Create permission

Last Updated: Oct 17, 2018

This interface is exclusive for MQ Enterprise Platinum edition users. For more information, go to Enterprise Platinum Edition Purchase.


OnsEmpowerCreate interface authorizes specified users to use the target Topic, including the permission to publish and subscribe to messages.


MQ Topic resources are owned by the owner account that creates them. When it is required to access Topic resources across the account, the owner account can authorize the target account to publish or receive messages through an authorization interface.

Authorization considerations:

  • Authorization supports three permissions: publish, subscribe, and publish & subscribe.
  • The account which initiates authorization must be the resource owner account, and the target account can be a sub-account or primary account.
  • After being authorized, the target account still needs to receive a message by creating its own subscription CID instead of using the CID of the owner account.

Restrictions on primary accounts and sub-accounts

This interface is exclusively available for primary accounts, and cannot be used by RAM sub-accounts.

Request parameters

Name Type Required Description
OnsRegionId String Yes The region where the queried MQ is currently located. It can be obtained through the OnsRegionList method.
OnsPlatform String No The source of the request, which by default is POP platform.
PreventCache Long Yes It’s used for CSRF verification. Set it to the current system time.
EmpowerUser Long Yes The authorized target user ID; supports sub-account ID
Topic String Yes The authorized target Topic which must be owned by the current user.
Relation Integer Yes The authorization type: 2 for “authorize to send”; 4 for “authorize to subscribe”, and 6 for “authorize to send and subscribe”.

Response parameters

Name Type Description
RequestId String A public parameter unique for each request
HelpUrl String A help link
  • OnsEmpowerList: views the authorization list
  • OnsEmpowerDelet: deletes authorization


  1. public static void main(String []args) {
  2. public static void main(String []args) {
  3. String regionId = "cn-hangzhou";
  4. String accessKey = "XXXXXXXXXXXXXXXXX";
  5. String secretKey = "XXXXXXXXXXXXXXXXX";
  6. String endPointName ="cn-hangzhou";
  7. String productName ="Ons";
  8. String domain ="ons.cn-hangzhou.aliyuncs.com";
  9. /**
  10. *Select Region based on the region you will access, and set the corresponding access point.
  11. */
  12. try {
  13. DefaultProfile.addEndpoint(endPointNameregionIdproductNamedomain);
  14. } catch (ClientException e) {
  15. e.printStackTrace();
  16. }
  17. IClientProfile profile= DefaultProfile.getProfile(regionIdaccessKeysecretKey);
  18. IAcsClient iAcsClient= new DefaultAcsClient(profile);
  19. OnsEmpowerCreateRequest request = new OnsEmpowerCreateRequest();
  20. request.setOnsRegionId("cn-qingdao-publictest");
  21. request.setPreventCache(System.currentTimeMillis());
  22. request.setAcceptFormat(FormatType.JSON);
  23. request.setEmpowerUser("167535647680831312");
  24. request.setTopic("Topic_for_public_msg_test");
  25. request.setRelation(2);
  26. try {
  27. OnsEmpowerCreateResponse response=iAcsClient.getAcsResponse(request);
  28. System.out.println(response.getRequestId());
  29. } catch (ServerException e) {
  30. e.printStackTrace();
  31. } catch (ClientException e) {
  32. e.printStackTrace();
  33. }
  34. }
  35. }
Thank you! We've received your feedback.