Scenario
The user and permission management mechanism of RocketMQ ensures the security of message queues and allows you to control access. RocketMQ also supports roles to combine multiple permissions into one role and assign roles to users. You can simplify permission management and improve management efficiency through role management.
The user and permission management mechanism allows you to implement fine-grained access control on message queues. Only authorized users can read, write, and subscribe to messages. RocketMQ supports flexible role management to help the administrator assign and manage permissions. These mechanisms help users protect the security of message queues against unauthorized access and manipulation.
Role Control
1. Create a user
Click Role Control > Create User to create a new user.
The user ID refers to the AccessKey field, and the key is the SecretKey field of the client.
2. Click Create User.
3. Fill in the user field in the pop-up box.
l Enter the application user name. A name consists of more than six characters. Only uppercase and lowercase letters, underscores and numbers are allowed.
l Fill in the key. Please enter more than eight characters, including numbers, uppercase and lowercase letters, and special characters (!@#$%^&*).
l Choose the default topic permission. PUB: production permission. SUB: consumption permission, DENY: no permission. PUB|SUB: both permissions.
l Choose the default subscription group permission, as described above.
4. Set the user topics or subscription group permissions.
You can click Topic Permission or Subscription Group to set the publish or subscribe permission of the user's topic or subscription group.
l Click Topic Permission and Create Topic Permission. Select topic names and permissions. If no topic name is available in the drop-down menu, you can create a new topic in the topic management menu. For details, refer to Creating a Topic.
l Click Subscription Group Permission and Create Subscription Group Permission. Select a subscription group name and permission. If no subscription group name is available in the drop-down menu, you can create a new subscription group in the subscription group management menu. For details, refer to Creating a Subscription Group.
To delete a user role account, you can select Delete from the menu.