As a centralized access management service provided by Alibaba Cloud, RAM (Resource Access Management) focuses on user identity and authorization management. Its application scenarios cover enterprise sub-account and authorization management, temporary authorization management for mobile apps, and resource interoperation and authorization management between organizations. For more information about RAM, see Resource Access Management).
With RAM, which is fully integrated with MQ, you can impose secure access control on Topic resources of MQ in terms of Topic creation and deletion, message publishing and subscription.
MQ console, meanwhile, still keeps authorization management. You can manage authorization either on RAM or on MQ. The processing logic for the two consoles goes as follows:
- Sub-account authorized: if it is authorized by either or both RAM and MQ.
- Sub-account unauthorized: if it is authorized by neither console.
Note: When the system judges, the authorization configuration of RAM is checked before that of MQ. We recommend you manage authorization on RAM.