You must activate Message Queue for Apache RocketMQ on the Alibaba Cloud official website before you can use the service. If your account is a Resource Access Management (RAM) user, you must grant permissions to the RAM user before you can use the console or API to access the corresponding resources in Message Queue for Apache RocketMQ and use the resources to send and consume messages by using SDKs.
Prerequisites
Step 1: Activate Message Queue for Apache RocketMQ
Step 2: (Required for RAM users) Grant permissions to a RAM user
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to attach the custom policy, and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM user.
- Click OK.
- Click Complete.
Message Queue for Apache RocketMQ provides the following system policies. You can grant related permissions to a RAM user based on the permission scope.
Policy | Description |
---|---|
AliyunMQFullAccess | The permissions that are required to manage Message Queue for Apache RocketMQ. This policy grants permissions that are equivalent to the permissions of an Alibaba Cloud account. RAM users to whom this policy is attached have permissions to perform all actions in the console and send and subscribe to messages. |
AliyunMQPubOnlyAccess | The permissions that allow users of Message Queue for Apache RocketMQ to send messages. RAM users to whom this policy is attached have the permissions to use all resources of an Alibaba Cloud account to send messages by using SDKs. |
AliyunMQSubOnlyAccess | The permissions that allow users of Message Queue for Apache RocketMQ to subscribe to messages. RAM users to whom this policy is attached have the permissions to use all resources of an Alibaba Cloud account to subscribe to messages by using SDKs. |
AliyunMQReadOnlyAccess | The permissions that allow users of Message Queue for Apache RocketMQ to only read the information about resources. RAM users to whom this policy is attached have the permissions to only read the information about the resources of an Alibaba Cloud account in the console or by calling API operations. |
Note System policies provide a wide scope of permissions. For example, a RAM user to which
the
AliyunMQFullAccess
policy is attached can manage all resources of Message Queue for Apache RocketMQ. Message Queue for Apache RocketMQ provides custom policies to allow you to implement fine-grained permission management
on a specific type of resource. For example, you can grant a RAM user only the permissions
to use the console to manage topics. For more information about custom policies, see
Policies and examples.