This topic describes two access control mechanisms supported by ApsaraMQ for Kafka: Resource Access Management (RAM) and access control list (ACL).
| Access control mechanism | Description | Documentation |
| RAM | RAM is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can only grant permissions to RAM users in the ApsaraMQ for Kafka console or by using the API operations. No matter whether RAM users are authorized or not, RAM users can use SDKs to send and receive messages. For more information, see What is RAM?. | |
| ACL | The ACL feature is provided by ApsaraMQ for Kafka to manage the permissions of Simple Authentication and Security Layer (SASL) users and clients to send and receive messages by using SDKs. This is consistent with the ACL feature in open source Apache Kafka. The ACL feature is only applicable to scenarios where you want to implement access control for users that use SDKs to send and receive messages. This feature is not applicable to scenarios where you want to implement access control for users that send and receive messages in the ApsaraMQ for Kafka console or by using API operations. For more information, see Authorization and ACLs. | Grant permissions to SASL users |