- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Developer Guide
- Operation Guide
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- Namespace APIs
- Topic APIs
- Message APIs
- CMQ Message APIs
- CMQ Management APIs
- UnbindCmqDeadLetter
- RewindCmqQueue
- ModifyCmqTopicAttribute
- ModifyCmqSubscriptionAttribute
- ModifyCmqQueueAttribute
- DescribeCmqTopics
- DescribeCmqTopicDetail
- DescribeCmqSubscriptionDetail
- DescribeCmqQueues
- DescribeCmqQueueDetail
- DescribeCmqDeadLetterSourceQueues
- DeleteCmqTopic
- DeleteCmqSubscribe
- DeleteCmqQueue
- CreateCmqTopic
- CreateCmqSubscribe
- CreateCmqQueue
- Other APIs
- Environment Role APIs
- TDMQ for RabbitMQ APIs
- RocketMQ APIs
- DescribeRocketMQVipInstanceDetail
- DescribeRocketMQMsg
- ModifyRocketMQTopic
- ModifyRocketMQNamespace
- ModifyRocketMQGroup
- ModifyRocketMQCluster
- DescribeRocketMQTopics
- DescribeRocketMQNamespaces
- DescribeRocketMQGroups
- DescribeRocketMQClusters
- DescribeRocketMQCluster
- DeleteRocketMQTopic
- DeleteRocketMQGroup
- DeleteRocketMQCluster
- CreateRocketMQTopic
- CreateRocketMQNamespace
- CreateRocketMQGroup
- CreateRocketMQCluster
- TDMQ for RocketMQ APIs
- Production and Consumption APIs
- Data Types
- Error Codes
- SDK Documentation
- FAQs
- TDMQ Policy
- Service Level Agreement
- General References
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Developer Guide
- Operation Guide
- Practical Tutorial
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- Namespace APIs
- Topic APIs
- Message APIs
- CMQ Message APIs
- CMQ Management APIs
- UnbindCmqDeadLetter
- RewindCmqQueue
- ModifyCmqTopicAttribute
- ModifyCmqSubscriptionAttribute
- ModifyCmqQueueAttribute
- DescribeCmqTopics
- DescribeCmqTopicDetail
- DescribeCmqSubscriptionDetail
- DescribeCmqQueues
- DescribeCmqQueueDetail
- DescribeCmqDeadLetterSourceQueues
- DeleteCmqTopic
- DeleteCmqSubscribe
- DeleteCmqQueue
- CreateCmqTopic
- CreateCmqSubscribe
- CreateCmqQueue
- Other APIs
- Environment Role APIs
- TDMQ for RabbitMQ APIs
- RocketMQ APIs
- DescribeRocketMQVipInstanceDetail
- DescribeRocketMQMsg
- ModifyRocketMQTopic
- ModifyRocketMQNamespace
- ModifyRocketMQGroup
- ModifyRocketMQCluster
- DescribeRocketMQTopics
- DescribeRocketMQNamespaces
- DescribeRocketMQGroups
- DescribeRocketMQClusters
- DescribeRocketMQCluster
- DeleteRocketMQTopic
- DeleteRocketMQGroup
- DeleteRocketMQCluster
- CreateRocketMQTopic
- CreateRocketMQNamespace
- CreateRocketMQGroup
- CreateRocketMQCluster
- TDMQ for RocketMQ APIs
- Production and Consumption APIs
- Data Types
- Error Codes
- SDK Documentation
- FAQs
- TDMQ Policy
- Service Level Agreement
- General References
- Contact Us
- Glossary
Overview
This task guides you on how to authorize sub-accounts to access resources under a specific tag using the root account by tag-based authentication. The authorized sub-account can then manage resources with the corresponding tag.
Prerequisites
You should have a Tencent Cloud root account and have already activated the Tencent Cloud Access Management Service.
You should have at least one sub-account under the root account, and the authorization has been completed according to sub-account access authorization.
You should have at least one Pulsar Cluster Resource Instance.
You should have at least one Tag. If you don't have one, you can go to the Tag console > Tag list to create one.
Directions
You can use the policy feature in the CAM console to grant sub-accounts read and write permissions to the Pulsar resources that are owned by the root account and bound to tag, through the method of authorizing by Tag. The detailed directions for granting resource permissions to sub-accounts by Tag are as follows.
Step 1: Binding Tags to the Resource
1. Use the root account to log in to the TDMQ for Apache Pulsar console, and go to the cluster management page.
2. Select the target cluster, click Edit Resource Tag at the top left corner, and bind the resource tag for the cluster.
Step 2: Authorizing by Tag
1. Go to the CAM Console, and click Policies in the left sidebar.
2. Click Create Custom Policy, and select Authorize by Tag.
3. In the visual policy generator, enter tdmq in the Service field to filter. From the results, select Tencent Distributed Message Queue (TDMQ) (tdmq). In Operations, choose All Operations, or select the corresponding operations as needed.
Note:
Some APIs do not support tag authentication for now. See the console page for accurate information.
4. Click Next, and fill in the policy name as required.
5. Click Select User or Select User Group, and choose the user or user group to grant resource permissions to.
6. Click Complete. The related sub-account will be able to control the resources under the specified tag according to the policy.
Unified Management of Resource Tags
You can also perform unified management of resource tags in the Tag Console. Detailed operations are as follows:
1. Log in to the Tencent Cloud Tag Console.
2. In the left sidebar, select Resource Tag. Choose the query conditions as needed, and select TDMQ > Cluster under Resource Type.
3. Click Query Resources.
4. In the results, select the required resources, and click Edit Tag to bind or unbind tags in batch.
Yes
No
Was this page helpful?