Set up permissions through the console
Last updated: 2020-02-17 18:14:37
This article demonstrates how to set up CMQ permissions, using as an example a specified user who is granted the consume message and batch consume message permissions in the CMQ queue model.
Before CAM was enabled, sub-accounts (sub-users and collaborators) could log in to the CMQ console and see the resource list of the root account (that is, they had the list API permission, because the root account key was used). After CAM is connected, a sub-account does not have permission to obtain the resource list of the root account by default (the sub-account's own key is used to log in to the console). Access and permissions can only be granted by the root account through CAM.
The console calls the CMQ API, so to view queue, topic and subscription information in the console, the sub-account must be granted permission for the CMQ APIs that the console calls; otherwise the sub-account gets a no-permission error. The APIs that need to be authorized for each console view are as follows:
- View the queue list in the console: authorize the ListQueue API
- View the topic list in the console: authorize the ListTopic API
- View the subscription list in the console: authorize the ListSubscriptionByTopic API
To access CMQ through the console, the sub-account also needs to be granted the corresponding API permissions. For a sub-account to view monitoring data through the console, CAM authorization is also required for the cloud monitoring API.
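The check below reports which of the console views listed above a sub-account's policy would leave blocked. It is an added example, not Tencent Cloud code: the policy layout (`statement`, `effect`, `action`), the `cmq:` / `name/cmq:` action spellings, the deny-overrides-allow rule and the function names are assumptions made for illustration, and the sample policy is constructed.

```python
import fnmatch
import json

# API required by each console view, as listed on this page.
CONSOLE_VIEWS = {
    "queue list": "ListQueue",
    "topic list": "ListTopic",
    "subscription list": "ListSubscriptionByTopic",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, api):
    # Assumed spellings: "cmq:ListQueue", "name/cmq:ListQueue", "cmq:*", "*".
    pattern = pattern.split("/", 1)[-1].lower()
    return fnmatch.fnmatchcase(f"cmq:{api}".lower(), pattern)

def blocked_console_views(policy):
    """Return the console views a sub-account with this policy cannot load.

    Only actions are evaluated; resource scoping is not checked.
    """
    allowed, denied = set(), set()
    for stmt in policy.get("statement", []):
        effect = str(stmt.get("effect", "")).lower()
        target = allowed if effect == "allow" else denied if effect == "deny" else None
        if target is None:
            continue  # skip statements without a recognised effect
        for view, api in CONSOLE_VIEWS.items():
            if any(_matches(p, api) for p in _as_list(stmt.get("action", []))):
                target.add(view)
    # Assumption: explicit deny wins, and anything not allowed is denied.
    return sorted(v for v in CONSOLE_VIEWS if v not in allowed or v in denied)

# Constructed sample: consume permissions on one queue plus ListQueue only.
SAMPLE_POLICY = json.loads("""
{"version": "2.0",
 "statement": [
  {"effect": "allow",
   "action": ["cmq:ReceiveMessage", "cmq:BatchReceiveMessage"],
   "resource": ["<queue-resource-placeholder>"]},
  {"effect": "allow", "action": ["cmq:ListQueue"], "resource": ["*"]}]}
""")

if __name__ == "__main__":
    for view in blocked_console_views(SAMPLE_POLICY):
        print(f"no-permission error expected on console view: {view}")
```
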
- Log in to the Access Management console, go to "User list", and click "Create user" in the upper left corner.
- On the Create user page, select the user type and enter the user information.
If the user needs to log in to the Tencent Cloud console or call Cloud API, select "Tencent Cloud console Access" and enter a QQ account as the login credential.
For a description of the account types, see User type.
- Associate a policy with this user (a policy describes permissions; after the policy is associated, the user gets the permissions that the policy describes). For more information, see Policy Document.
- In the user management list, you can view the sub-users that have been added.
Create Custom Policy
You can create a custom policy to grant permission for specific APIs, such as the permissions (consume message, batch consume message) on a specified CMQ queue.
For the specific steps, see Policy Document.
CMQ's list API permission is open by default (log in to the CMQ console, where you can see a specific list of resources). The specific resource content that can be viewed can be controlled through permissions.
After logging in with a sub-account, if you cannot find the corresponding resource, switch the collaborator developer account in the upper right corner of the console.