By default, Resource Access Management (RAM) users do not have permissions to operate on ApsaraMQ for RabbitMQ resources. If you use a RAM user, you must grant permissions to the user. After the permissions are granted, the RAM user can operate on ApsaraMQ for RabbitMQ resources and send and receive messages.
Background information
This operation is required only for RAM users. If you use an Alibaba Cloud account, you have all permissions for the ApsaraMQ for RabbitMQ service by default and do not need to grant permissions.
To check your account role:
Log on to the ApsaraMQ for RabbitMQ console. Your basic account information appears in the upper-right corner of the page. If Alibaba Cloud Account is displayed below your Account ID, you use an Alibaba Cloud account and do not need to grant permissions. If RAM User is displayed, you must grant permissions to the RAM user.
Access policies for ApsaraMQ for RabbitMQ
ApsaraMQ for RabbitMQ provides the following system policies. You can grant permissions to RAM users based on the required scope of permissions.
Policy | Description |
AliyunAMQPFullAccess | The management permissions on your ApsaraMQ for RabbitMQ resources. If you use this policy to grant permissions to RAM users, the RAM users are granted the permissions that are equivalent to the permissions of an Alibaba Cloud account. This means that the RAM users are granted the permissions to manage all ApsaraMQ for RabbitMQ resources of the Alibaba Cloud account, and to send and receive messages by using SDKs. |
AliyunAMQPReadOnlyAccess | The read-only permissions on your ApsaraMQ for RabbitMQ resources. If you use this policy to grant permissions to RAM users, the RAM users can query the data of all ApsaraMQ for RabbitMQ resources of the Alibaba Cloud account. |
In addition to system policies, you can create custom policies to grant a RAM user permissions on specific resources. For more information, see Custom access policies for ApsaraMQ for RabbitMQ.
Grant permissions to a RAM user (required for RAM users)
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, find the required RAM user, and click Add Permissions in the Actions column.

You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to all of them at the same time.
In the Grant Permission panel, grant permissions to the RAM user.
Configure the Resource Scope parameter.
Account: The authorization takes effect on the current Alibaba Cloud account.
Resource Group: The authorization takes effect on a specific resource group.
Important: If you select Resource Group for the Resource Scope parameter, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to restrict a RAM user to managing only specific ECS instances.
Configure the Principal parameter.
The principal is the RAM user to which you want to grant permissions. The current RAM user is automatically selected.
Configure the Policy parameter.
A policy contains a set of permissions. Policies can be classified into system policies and custom policies. You can select multiple policies at a time.
System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.
Note: The system automatically identifies high-risk system policies, such as AdministratorAccess and AliyunRAMFullAccess. We recommend that you do not grant unnecessary permissions by attaching high-risk policies.
Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.
Click OK.
Click Close.
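After granting permissions, you can review what each RAM user actually holds. The following script is an added example, not part of the original documentation or an Alibaba Cloud tool: it flags the high-risk and overly broad attachments described above. It assumes the input follows the shape of the RAM `ListPoliciesForUser` response (`Policies.Policy[]` with `PolicyName` and `PolicyType`). The user names and sample data are constructed.

```python
# Added example: audit RAM policy attachments related to ApsaraMQ for RabbitMQ.
# Assumption: each value mirrors a RAM ListPoliciesForUser response body.
HIGH_RISK = {"AdministratorAccess", "AliyunRAMFullAccess"}  # named on this page
AMQP_FULL = "AliyunAMQPFullAccess"
AMQP_READ = "AliyunAMQPReadOnlyAccess"


def audit_user(user_name, response):
    """Return a list of (severity, message) findings for one RAM user."""
    policies = response.get("Policies", {}).get("Policy", [])
    system = {p["PolicyName"] for p in policies if p.get("PolicyType") == "System"}
    custom = {p["PolicyName"] for p in policies if p.get("PolicyType") == "Custom"}
    findings = []
    for name in sorted(system & HIGH_RISK):
        findings.append(("HIGH", f"{user_name}: high-risk system policy {name}"))
    if AMQP_FULL in system:
        findings.append(("MEDIUM", f"{user_name}: {AMQP_FULL} is equivalent to the "
                         "Alibaba Cloud account for all ApsaraMQ for RabbitMQ resources"))
        if AMQP_READ in system:
            findings.append(("LOW", f"{user_name}: {AMQP_READ} is redundant with {AMQP_FULL}"))
    # AdministratorAccess also covers this service; custom policies need manual review.
    if not system & {AMQP_FULL, AMQP_READ, "AdministratorAccess"}:
        note = "review custom policies" if custom else "default deny applies"
        findings.append(("INFO", f"{user_name}: no system policy grants access ({note})"))
    return findings


def audit_all(attachments):
    """Map each user name to its findings."""
    return {user: audit_user(user, resp) for user, resp in attachments.items()}


def _resp(*pairs):
    """Build a constructed response from (PolicyName, PolicyType) pairs."""
    return {"Policies": {"Policy": [{"PolicyName": n, "PolicyType": t} for n, t in pairs]}}


# Constructed sample data (hypothetical user names).
SAMPLE = {
    "mq-admin": _resp((AMQP_FULL, "System"), (AMQP_READ, "System")),
    "mq-dashboard": _resp((AMQP_READ, "System")),
    "ops-legacy": _resp(("AdministratorAccess", "System")),
    "new-hire": _resp(),
}

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE).items():
        for severity, message in findings:
            print(f"[{severity}] {message}")
```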
What to do next
References
System policies are created by Alibaba Cloud. You can use these policies, but you cannot modify them. You must create and maintain custom policies. Custom policies provide more fine-grained permission control. For more information, see Create a custom policy.
For more information about the custom policies that ApsaraMQ for RabbitMQ supports, see Custom access policies for ApsaraMQ for RabbitMQ.