tencent cloud

TDMQ for Apache Pulsar

Release Notes and Announcements
Release Notes
Cluster Version Updates
Product Announcements
Product Introduction
Introduction and Selection of the TDMQ Product Series
What Is TDMQ for Apache Pulsar
Strengths
Scenarios
How It Works
Product Series
Version Support Instructions for Open-Source Apache Pulsar
Comparison with Open-Source Apache Pulsar
High Availability
Quotas and Limits
Basic Concepts
Billing
Billing Overview
Pricing
Billing Examples
Renewal
Viewing Consumption Details
Overdue Payments
Refund
Getting Started
Getting Started Guide
Preparations
Using the SDK to Send and Receive General Messages
Using the SDK to Send and Receive Advanced Feature Messages
User Guide
Usage Process Guide
Configuring the Account Permission
Creating a Cluster
Configuring the Namespace
Configuring the Topic
Connecting to a Cluster
Managing the Cluster
Querying Messages and Traces
Cross-Region Replication
Viewing Monitoring Data and Configuring Alarm Rules
Use Cases
Client Usage
Abnormal Consumer Isolation
Traffic Throttling Mechanisms
Transaction Reconciliation
Message Idempotence
Message Compression
Migration Guide
Single-Write Multiple-Read Cluster Migration Solutions
Hitless Migration from Virtual Cluster to Pro Cluster
SDK Reference
API Overview
SDK Reference
SDK Overview
Recommended SDK Configuration Parameters
TCP Protocol (Apache Pulsar)
Security and Compliance
Permission Management
Deletion Protection
CloudAudit
FAQs
Monitoring
Clients
Agreements
Service Level Agreement
TDMQ Policy
Contact Us
Glossary
DocumentationTDMQ for Apache PulsarUser GuideConfiguring the Account PermissionGranting the Access Permission to Sub-accounts

Granting the Access Permission to Sub-accounts

PDF
Focus Mode
Font Size
Last updated: 2025-12-24 14:59:00
When you use TDMQ for Apache Pulsar, you may need to access other cloud product resources such as Virtual Private Cloud (VPC) and Cloud Virtual Machine (CVM) in specific scenarios, such as viewing the availability zone (AZ) information of user subnets. Therefore, the root account needs to grant sub-accounts appropriate call permissions for other cloud products based on actual requirements.

Prerequisites

Sub-accounts have been created for employees by using the Tencent Cloud root account. For detailed operations, see Creating a Sub-account.

Operation Steps

Creating a Custom Policy for Accessing Other Cloud Products

1. Log in to the Cloud Access Management (CAM) console by using the root account.
2. In the left sidebar, choose Policies, and click Create a custom policy. In the pop-up window for selecting the policy creation method, select Create according to the policy syntax to go to the Create by Policy Syntax page.
3. On the Create by Policy Syntax page, select Blank Template and click Next.
4. Refer to the following API call table and policy syntax to grant sub-accounts appropriate permissions to call other cloud products based on actual requirements, and generate a custom policy. After you fill in all information, click Completed.
When you use TDMQ for Apache Pulsar, the following cloud products need to be called. The root account needs to grant sub-accounts related permissions separately to ensure that the corresponding features of TDMQ for Apache Pulsar work properly. The following table lists the cloud products called during the use of Pulsar in a custom policy.
Cloud Product
API Name
API Feature
Feature in TDMQ for Apache Pulsar
CVM
DescribeZones
Queries AZs.
Allows users to view the AZs of the subnet during the creation of an instance.
VPC
DescribeVpcs
Queries a list of VPCs.
Allows users to select the VPC to which the instance access address belongs during the creation of an instance.
VPC
DescribeSubnets
Queries a list of VPCs.
Allows users to select the subnet to which the instance access address belongs during the creation of an instance.
Tencent Cloud Observability Platform (TCOP)
(Monitor)
GetMonitorData
Pulls metric monitoring data.
Allows users to view monitoring data in TDMQ for Apache Pulsar.
TCOP
(Monitor)
DescribeDashboardMetricData
Pulls metric monitoring data.
Allows users to view monitoring data in TDMQ for Apache Pulsar.
TCOP
(Monitor)
DescribeBaseMetrics
Pulls a metric monitoring list.
Allows users to view the monitoring list of TDMQ for Apache Pulsar.
TCOP
(Monitor)
DescribeDashboardMetrics
Pulls metric monitoring dimensions.
Allows users to view the monitoring dimensions in TDMQ for Apache Pulsar.
TCOP
(Monitor)
DescribeMonitorProductByIds
Pulls the monitoring configuration.
Queries a list of monitoring products by ID.
Tags
DescribeResourceTagsByResourceIds
Queries resource tags.
Allows users to view the resource tags of a cluster.
Policy syntax example:
   {
     "version": "2.0",
     "statement": [
       {
         "effect": "allow",
         "action": [
           "cvm:DescribeZones",
           "vpc:DescribeVpcs",
           "vpc:DescribeSubnets",
           "monitor:GetMonitorData",
           "monitor:DescribeDashboardMetricData",
           "monitor:DescribeBaseMetrics",
           "monitor:DescribeDashboardMetrics",
           "monitor:DescribeMonitorProductByIds",
           "monitor:DescribeOneClickAlarmConfigs",
           "tag:DescribeResourceTagsByResourceIds",
         ],
         "resource": [
           "*"
         ]
       }
     ]
   }

Associating a Custom Policy with a Sub-account

1. On the Policy Management list page, click Custom Policy for filtering, find the created custom policy, and then click Associate User/Group/Role in the operation column.



2. Select the sub-account to which you want to grant this permission, and click OK to complete authorization.



3. On the User List page, click the name of the sub-account to go to the User Details page. The policy will be displayed in the policy list of the user.





Previous Topic: Account Permission OverviewNext Topic: Granting the Operation-Level Permission to Sub-accounts

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback