tencent cloud

Detect AI Fraud with Tencent eKYC！Intercept 99%+ Deepfake Attacks!

TDMQ for Apache Pulsar

Release Notes and Announcements

Release Notes

Cluster Version Updates

Announcements

Official Launch of TDMQ for Apache Pulsar

TDMQ for Apache Pulsar's Support for CAM Authorization at All Resource Levels

Suspension of Feature Update for Tencent Cloud SDK

Product Introduction

Comparison with Apache Pulsar

Purchase Guide

Product Selection

Billing Overview

Purchase Methods

Pricing Overview

Virtual Cluster Billing

Pro Cluster

Getting Started

Using SDK to Send and Receive Normal Messages

Resource Creation and Preparation

Downloading and Running Demo

Using Message Retry and Dead Letter Queue

Using Share Subscription Mode to Consume Messages

Developer Guide

How It Works

Pulsar Topic and Partition

Pulsar Multi-AZ Deployment

Message Storage Principle and ID Generation Rule

Message Replica and Storage Mechanisms

Best Practices

Automatically create Topic

Subscription Mode

Scheduled Message and Delayed Message

Message Filtering

Message Retry and Dead Letter Mechanisms

Client Connection and Producer/Consumer

Operation Guide

Cluster Management

Direct Connection/Cross-Region Access

Namespace

Topic Management

Subscription Management

Producer Management

Message Query and Trace

Monitoring and Alarms

Cluster Monitoring

Topic Monitoring

Alarm Configuration

Connecting to Prometheus

Monitoring and Alarm Practices

Permission Management

Permission Management Overview

Pulsar Instance Permission Management

Granting Sub-Account Access Permissions

Granting Sub-Account Operation-Level Permissions

Granting Sub-Account Resource-Level Permissions

Granting Sub-Account Tag-Level Permissions

Role and Authentication

JWT Authentication Configuration

Tag Management

Cross-Region Replication

Cross-Region Replication/Feature Description

Cross-Region Disaster Recovery Practices

Cluster Migration

Single Write and Multiple Read Migration Solution

Cluster Migration Capability Description

Practical Tutorial

Transaction Reconciliation

API Documentation

Making API Requests

Message APIs

Cluster APIs

DescribePulsarProInstanceDetail

DescribePulsarProInstances

DescribeRabbitMQNodeList

DescribeClusters

DescribeClusterDetail

Namespace APIs

ModifyEnvironmentAttributes

DescribeEnvironments

DescribeEnvironmentAttributes

DeleteEnvironments

CreateEnvironment

DescribeEnvironmentRoles

DeleteRocketMQNamespace

Topic APIs

CMQ Message APIs

ClearCmqSubscriptionFilterTags

ClearCmqQueue

CMQ Management APIs

UnbindCmqDeadLetter

RewindCmqQueue

ModifyCmqTopicAttribute

ModifyCmqSubscriptionAttribute

ModifyCmqQueueAttribute

DescribeCmqTopics

DescribeCmqTopicDetail

DescribeCmqSubscriptionDetail

DescribeCmqQueues

DescribeCmqQueueDetail

Other APIs

Environment Role APIs

ModifyRole

ModifyEnvironmentRole

DescribeRoles

DeleteEnvironmentRoles

CreateRole

CreateEnvironmentRole

DeleteRoles

TDMQ for RabbitMQ APIs

CreateRabbitMQUser

CreateRabbitMQVirtualHost

DeleteRabbitMQUser

DeleteRabbitMQVirtualHost

DescribeRabbitMQUser

DescribeRabbitMQVirtualHost

ModifyRabbitMQUser

ModifyRabbitMQVirtualHost

CreateRabbitMQVipInstance

DeleteRabbitMQVipInstance

DescribeRabbitMQVipInstances

RocketMQ APIs

DescribeRocketMQVipInstanceDetail

DescribeRocketMQMsg

ModifyRocketMQTopic

ModifyRocketMQNamespace

ModifyRocketMQGroup

ModifyRocketMQCluster

DescribeRocketMQTopics

DescribeRocketMQNamespaces

DescribeRocketMQGroups

DescribeRocketMQClusters

DescribeRocketMQCluster

DeleteRocketMQTopic

DeleteRocketMQGroup

DeleteRocketMQCluster

CreateRocketMQTopic

CreateRocketMQNamespace

CreateRocketMQGroup

CreateRocketMQCluster

TDMQ for RocketMQ APIs

ModifyRocketMQInstanceSpec

DescribeRocketMQVipInstances

Production and Consumption APIs

DescribeSubscriptions

DeleteSubscriptions

CreateSubscription

ResetMsgSubOffsetByTimestamp

DescribePublishers

DescribePublisherSummary

ResetRocketMQConsumerOffSet

Data Types

Error Codes

SDK Documentation

SDK Overview

Apache Pulsar TCP Protocol

FAQs

Traffic Throttling Mechanism Description

TDMQ Policy

Privacy Policy

Data Processing and Security Agreement

Service Level Agreement

General References

Message Type

Retry Letter Topic and Dead Letter Topic

Contact Us

Glossary

DocumentationTDMQ for Apache PulsarOperation GuidePermission ManagementPulsar Instance Permission ManagementGranting Sub-Account Access Permissions

Granting Sub-Account Access Permissions

Download PDF

Last updated: 2024-08-19 16:39:56

Granting Sub-Account Access Permissions

Last updated: 2024-08-19 16:39:56

Download PDF

Basic Concepts of CAM
The root account authorizes sub-accounts by binding policies, which can be precisely set at the [API, resource, user/user group, allow/deny, condition] dimension.
Account System
Root account: Owns and has unrestricted access to all Tencent Cloud resources.
Sub-account: Includes sub-users and collaborators.
Sub-user: Created by the main account and completely belongs to the root account that created the Sub-user.
Collaborator: A user with a main account identity added as a collaborator to the current root account, becoming one of its sub-accounts and able to switch back to the root account identity
Identity credentials: Includes log-in credentials and access certificates. Log-in credentials refer to a user’s log-in name and password. Access certificates refer to Tencent Cloud API keys (SecretId and SecretKey).
Resource and Permission
Resource: An object being operated in Tencent Cloud services, such as a CVM instance, a COS bucket, or a VPC instance
Permission: An authorization to allow or disallow some users to perform certain operations. By default, a root account has full access to all the resources under the account, while a sub-account does not have access to any resources under the root account.
Policy: A syntax rule that defines and describes one or more permissions. The root account performs authorization by associating policies with users/user groups.
Sub-Account Using Pulsar
To ensure that the sub-account can successfully use Pulsar, the root account needs to authorize the sub-account.
Root account logs in to CAM Console, finds the corresponding sub-account in the sub-account list, and clicks the Authorize in the operation column.
Pulsar offers two preset policies for sub-accounts: QcloudTDMQReadOnlyAccess and QcloudTDMQFullAccess. The former can only view related information in the console, while the latter can perform read-write operations in the product console.
﻿
In addition to the above preset policies, for ease of use, the root account needs to grant the sub-accounts appropriate permissions to call other cloud services based on actual needs. The use of Pulsar involves the following API permissions of various cloud services:
Tencent Cloud Services
API Name
API Function
Corresponding Role in Pulsar
TCOP (Monitor)
GetMonitorData
Query metric monitoring data.
View the corresponding monitoring metrics displayed in the console.
TCOP (Monitor)
DescribeDashboardMetricData
Query metric monitoring data.
View the corresponding monitoring metrics displayed in the console.
Resource Tag (Tags)
DescribeResourceTagsByResourceIds
Query resource tag.
View cluster resource tags.
To grant the sub-account the above permissions, for the root account, you need to go to the CAM Console on the Policies page, and perform the Create Custom Policy operation. Click Create by****Policy Syntax for creation, then select Blank Template, and enter the following policy syntax:
   {
     "version": "2.0",
     "statement": [
       {
         "effect": "allow",
         "action": [
           "monitor:GetMonitorData",
           "monitor:DescribeDashboardMetricData",
           "tag:DescribeResourceTagsByResourceIds"
         ],
         "resource": [
           "*"
         ]
       }
     ]
   }
﻿
After the policy is created, associate the newly created policy with the sub-account as shown below:
﻿
﻿
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

Hong Kong, China

+852 800 906 020 (Toll Free)

United States

+1 844 606 0804 (Toll Free)

United Kingdom

+44 808 196 4551 (Toll Free)

Canada

+1 888 605 7930 (Toll Free)

Australia

+61 1300 986 386 (Toll Free)

EdgeOne hotline

+852 300 80699

More local hotlines coming soon

Tencent Cloud Services	API Name	API Function	Corresponding Role in Pulsar
TCOP (Monitor)	GetMonitorData	Query metric monitoring data.	View the corresponding monitoring metrics displayed in the console.
TCOP (Monitor)	DescribeDashboardMetricData	Query metric monitoring data.	View the corresponding monitoring metrics displayed in the console.
Resource Tag (Tags)	DescribeResourceTagsByResourceIds	Query resource tag.	View cluster resource tags.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha