ApsaraMQ for Kafka:Manage users and grant permissions to them

Add a user

1. Log on to the ApsaraMQ for Confluent console. In the left-side navigation pane, click Instances.

2. On the Instances page, click the name of the instance that you want to manage.

3. In the left-side navigation pane of the Instance Details page, click Users.

4. On the Users page, click Add LDAP User.

5. In the Add LDAP User panel, specify the username and password and click OK.

   Important

   If you add multiple users with the same username but different passwords, only the first user takes effect.

Remove a user

1. In the Actions column corresponding to the user that you want to remove, click Delete.

2. In the message that appears, click OK.

   Important

   After you delete a user, all permissions granted to the user are removed from the instance and the user can no longer use the instance.

ACL authorization

We recommend that you implement ACL authorization using the Confluent CLI. For more information, see Manage ACLs using Confluent CLI.

RBAC authorization

You can use one of the following methods to implement RBAC authorization in ApsaraMQ for Confluent:

• Use Control Center of ApsaraMQ for Confluent. In this topic, this method is used.

• Use the Confluent CLI. For more information, see Manage RBAC permissions using Confluent CLI.

1. Log on to the ApsaraMQ for Confluent console. In the left-side navigation pane, click Instances.

2. On the Instances page, click the name of the instance that you want to manage.

3. In the upper-right corner of the Instance Details page, click Log on to Console. On the logon page of Control Center, enter your username and password to go to the Home page.

4. In the upper-right corner of the Home page, choose > Manage role assignments to go to the RBAC authorization page on which the 10 built-in roles provided by Confluent are listed.

5. Click the Assignments tab. Then, click the ID of the cluster that you want to manage.

6. Grant permissions to users based on the cluster type.

   Kafka cluster

   1. Click the ID of the Kafka cluster and grant permissions to users based on the resource type (Cluster, Group, Topic, and TransactionId). In this example, the ResourceOwner role of topics prefixed with demo is bound to the test user.

      

   2. Click Add role assignment to go to the authorization details page. Then, follow the on-screen instructions to configure the parameters and click Save.

      

   Connect cluster

   1. Click the ID of the Connect cluster and grant permissions to users based on the resource type (Cluster and Connector). In this example, the ClusterAdmin role of the Connect cluster is bound to the test user.

      

   2. Click Add role assignment to go to the authorization details page. Then, follow the on-screen instructions to configure the parameters and click Save.

      

   KSQL

   1. Click the ID of the KSQL cluster and grant permissions to users based on the resource type (Cluster). In this example, the ResourceOwner role of the KSQL cluster is bound to the test user.

      

   2. Click Add role assignment to go to the authorization details page. Then, follow the on-screen instructions to configure the parameters and click Save.

      

   Schema Registry

   1. Click the ID of the Schema Registry cluster and grant permissions to users based on the resource type (Cluster and Subject). In this example, the ResourceOwner role of all Schema Registry subjects is bound to the test user.

      

   2. Click Add role assignment to go to the authorization details page. Then, follow the on-screen instructions to configure the parameters and click Save.