tencent cloud

All product documents
TDMQ for Apache Pulsar
DocumentationTDMQ for Apache PulsarOperation GuidePermission ManagementPulsar Instance Permission ManagementGranting Sub-Account Tag-Level Permissions
Granting Sub-Account Tag-Level Permissions
Download PDF
Last updated: 2024-08-19 16:42:37
Granting Sub-Account Tag-Level Permissions
Last updated: 2024-08-19 16:42:37
Download PDF

Overview

This task guides you on how to authorize sub-accounts to access resources under a specific tag using the root account by tag-based authentication. The authorized sub-account can then manage resources with the corresponding tag.

Prerequisites

You should have a Tencent Cloud root account and have already activated the Tencent Cloud Access Management Service.
You should have at least one sub-account under the root account, and the authorization has been completed according to sub-account access authorization.
You should have at least one Pulsar Cluster Resource Instance.
You should have at least one Tag. If you don't have one, you can go to the Tag console > Tag list to create one.

Directions

You can use the policy feature in the CAM console to grant sub-accounts read and write permissions to the Pulsar resources that are owned by the root account and bound to tag, through the method of authorizing by Tag. The detailed directions for granting resource permissions to sub-accounts by Tag are as follows.

Step 1: Binding Tags to the Resource

1. Use the root account to log in to the TDMQ for Apache Pulsar console, and go to the cluster management page.
2. Select the target cluster, click Edit Resource Tag at the top left corner, and bind the resource tag for the cluster.


Step 2: Authorizing by Tag

1. Go to the CAM Console, and click Policies in the left sidebar.
2. Click Create Custom Policy, and select Authorize by Tag.
3. In the visual policy generator, enter tdmq in the Service field to filter. From the results, select Tencent Distributed Message Queue (TDMQ) (tdmq). In Operations, choose All Operations, or select the corresponding operations as needed.
Note:
Some APIs do not support tag authentication for now. See the console page for accurate information.

4. Click Next, and fill in the policy name as required.
5. Click Select User or Select User Group, and choose the user or user group to grant resource permissions to.

6. Click Complete. The related sub-account will be able to control the resources under the specified tag according to the policy.

Unified Management of Resource Tags

You can also perform unified management of resource tags in the Tag Console. Detailed operations are as follows:
1. Log in to the Tencent Cloud Tag Console.
2. In the left sidebar, select Resource Tag. Choose the query conditions as needed, and select TDMQ > Cluster under Resource Type.
3. Click Query Resources.
4. In the results, select the required resources, and click Edit Tag to bind or unbind tags in batch.



Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon