Access Management (CAM)

TDMQ for CMQ

Release Notes and Announcements

Release Notes

Announcements

Notification on the Enabling of Frequency Limit for TencentCloud API of TDMQ for CMQ

Announcement on Price Adjustment of TDMQ for CMQ

TDMQ for CMQ Billing Start

Product Introduction

Basic Concepts

Queue and Message Identifiers

Purchase Guide

Getting Started

Getting Started with Queue Model

Getting Started with Topic Model

Operation Guide

Queue Service

Queue Management

Viewing Queue Details

Viewing Monitoring Data

Message Rewind

Dead Letter Queue

Topic Subscription

Topic Management

Subscription Management

Viewing Monitoring Data

Tag Key Matching Feature Description

Routing Key Matching Feature Description

Access Management (CAM)

Tag Management

Managing Resource with Tag

Editing Tag

Alarm Configuration

Message Query and Trace

Practical Tutorial

Message Deduplication

Push/Pull Selection

Success Stories

Online Image Processing

Qidian.com

Development Guide

HTTP Endpoint Subscription

General References

Parameter Differences

API Documentation

API 2.0 to 3.0 Switch Guide

SDK Documentation

HTTP Data Flow SDK

HTTP Control Flow SDK

SDK Parameter Configuration Description

FAQs

Features

Operations

Service Level Agreement

Glossary

DocumentationTDMQ for CMQOperation GuideAccess Management (CAM)

Access Management (CAM)

Download PDF

Last updated: 2024-01-03 10:17:36

Access Management (CAM)

Last updated: 2024-01-03 10:17:36

Download PDF

Basic CAM Concepts
The root account authorizes sub-accounts by associating policies. The policy setting can be specific to the level of [API, Resource, User/User Group, Allow/Deny, and Condition].
Account
Root account: It owns all Tencent Cloud resources and can access any of its resources.
Sub-account: It includes sub-users and collaborators.
Sub-user: It is created and fully owned by a root account.
Collaborator: It has the identity of a root account. After it is added as a collaborator of the current root account, it becomes one of the sub-accounts of the current root account and can switch back to its root account identity.
Identity credential: It includes login credentials and access certificates. Login credential refers to a user's login name and password. Access certificate refers to Tencent Cloud API keys (SecretId and SecretKey).
Resource and permission
Resource: It is an object manipulated in Tencent Cloud services. TDMQ for CMQ resources include topics and queues.
Permission: It is an authorization that allows or forbids users to perform certain operations. By default, a root account has full access to all resources under it, while a sub-account does not have access to any resources under its root account.
Policy: It is a syntax rule that defines and describes one or more permissions. The root account performs authorization by associating policies with users/user groups.
View CAM documentation >>
Relevant Documents
Content
Document
Understand the relationship between policies and users
Concepts
Understand the basic structure of policies
Element Reference
Check CAM-enabled products
Overview
List of APIs Supporting Resource-Level Authorization
TDMQ for CMQ supports resource-level authorization. You can grant a specified sub-account the API permission of a specified resource.
APIs supporting resource-level authorization include:
API Name
API Description
Resource Type
Six-Segment Resource Example
ModifyCmqTopicAttribute
Modifies TDMQfor CMQ topic attributes
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
CreateCmqSubscribe
Creates a TDMQ for CMQ subscription
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
ModifyCmqSubscriptionAttribute
Modifies TDMQf for CMQ subscription attributes
Subscription
qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
RewindCmqQueue
Rewinds a TDMQf for CMQ queue
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
ModifyCmqQueueAttribute
Modifies TDMQ for CMQ queue attributes
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
ClearCmqSubscriptionFilterTags
Clears message subscription tags in TDMQ for CMQ
Subscription
qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
ClearCmqQueue
Clears messages in a TDMQ for CMQ queue
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DeleteCmqSubscribe
Deletes a TDMQ for CMQ subscription
Subscription
qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
DeleteCmqTopic
Deletes a TDMQ for CMQ topic
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
BatchReceiveMessage
Consumes messages in batches
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
UnbindCmqDeadLetter
Unbinds a TDMQ for CMQ dead letter queue
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${sourceQueueName}
DescribeCmqDeadLetterSourceQueues
Enumerates the source queues of a TDMQ for CMQ dead letter queue
Dead letter queue
qcs::tdmq:${region}:uin/${uin}:dlq/${sourceQueueName}/${deadLetterQueueName}
DescribeCmqTopics
Enumerates all TDMQ for CMQ topics
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
DescribeCmqSubscriptionDetail
Queries TDMQ for CMQ subscription details
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}/${subscriptionName}
DescribeCmqQueues
Queries all TDMQ for CMQ queues
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
PublishCmqMsg
Sends a TDMQ for CMQ topic message
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
SendCmqMsg
Sends a TDMQ for CMQ message
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DescribeCmqTopicDetail
Queries TDMQ for CMQ topic details
Topic
qcs::tdmq:${region}:uin/${uin}:topic/${topicName}qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DescribeCmqQueueDetail
Queries TDMQ for CMQ queue details
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DeleteCmqQueue
Deletes a TDMQ for CMQ queue
Queue
qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
List of APIs Not Supporting Resource-Level Authorization
API Name
API Description
Six-Segment Resource
CreateCmqTopic
Creates a TDMQ for CMQ topic
*
CreateCmqQueue
Creates a TDMQ for CMQ queue
*
For APIs that do not support resource-level authorization, the resource field can be configured with an asterisk *.
Authorization Scheme Examples
Full access policy
Grant a sub-user full access to the TDMQ for CMQ queue service (for creating, managing, etc.).
1. Log in to the CAM console.
2. Click Policy on the left sidebar.
3. In the policy list, click Create Custom Policy.
4. In the Select Policy Creation Method pop-up window, select Create by Policy Generator.
5. On the Edit Policy page, click Import Policy Syntax in the top-right corner.
6. On the Import Policy Syntax page, search for TDMQ, select QcloudTDMQFullAccess in the search results, and click OK.
7. On the Edit Policy page, click Next, enter the policy name and description, and select the user/user group you want to associate.
8. Click Complete.
Read-only access policy
The following takes granting the read-only permission of a queue service as an example.
1. Log in to the CAM console.
2. Click Policy on the left sidebar.
3. In the policy list, click Create Custom Policy.
4. In the Select Policy Creation Method pop-up window, select Create by Policy Generator and enter the policy information.
Parameter
Description
Effect
Select Allow
Service
Select TDMQ
Action
Select Read operation
Resource
Select Specific resources and click Add six-segment resource description
Region: Select the resource region
Account: it is automatically populated
Resource Prefix: queue
Enter the name of the queue service you want to authorize
Condition
Allow access to specified operations only when the request is from the specified IP range
5. Click Next, enter the policy name and description, and select the user/user group you want to associate.
6. Click Complete.

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Content	Document
Understand the relationship between policies and users	Concepts
Understand the basic structure of policies	Element Reference
Check CAM-enabled products	Overview

API Name	API Description	Resource Type	Six-Segment Resource Example
ModifyCmqTopicAttribute	Modifies TDMQfor CMQ topic attributes	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
CreateCmqSubscribe	Creates a TDMQ for CMQ subscription	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
ModifyCmqSubscriptionAttribute	Modifies TDMQf for CMQ subscription attributes	Subscription	qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
RewindCmqQueue	Rewinds a TDMQf for CMQ queue	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
ModifyCmqQueueAttribute	Modifies TDMQ for CMQ queue attributes	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
ClearCmqSubscriptionFilterTags	Clears message subscription tags in TDMQ for CMQ	Subscription	qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
ClearCmqQueue	Clears messages in a TDMQ for CMQ queue	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DeleteCmqSubscribe	Deletes a TDMQ for CMQ subscription	Subscription	qcs::tdmq:${region}:uin/${uin}:subscription/${topicName}/${subscriptionName}
DeleteCmqTopic	Deletes a TDMQ for CMQ topic	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
BatchReceiveMessage	Consumes messages in batches	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
UnbindCmqDeadLetter	Unbinds a TDMQ for CMQ dead letter queue	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${sourceQueueName}
DescribeCmqDeadLetterSourceQueues	Enumerates the source queues of a TDMQ for CMQ dead letter queue	Dead letter queue	qcs::tdmq:${region}:uin/${uin}:dlq/${sourceQueueName}/${deadLetterQueueName}
DescribeCmqTopics	Enumerates all TDMQ for CMQ topics	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
DescribeCmqSubscriptionDetail	Queries TDMQ for CMQ subscription details	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}/${subscriptionName}
DescribeCmqQueues	Queries all TDMQ for CMQ queues	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
PublishCmqMsg	Sends a TDMQ for CMQ topic message	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}
SendCmqMsg	Sends a TDMQ for CMQ message	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DescribeCmqTopicDetail	Queries TDMQ for CMQ topic details	Topic	qcs::tdmq:${region}:uin/${uin}:topic/${topicName}qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DescribeCmqQueueDetail	Queries TDMQ for CMQ queue details	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}
DeleteCmqQueue	Deletes a TDMQ for CMQ queue	Queue	qcs::tdmq:${region}:uin/${uin}:queue/${queueName}

API Name	API Description	Six-Segment Resource
CreateCmqTopic	Creates a TDMQ for CMQ topic	*
CreateCmqQueue	Creates a TDMQ for CMQ queue	*

Parameter	Description
Effect	Select Allow
Service	Select TDMQ
Action	Select Read operation
Resource	Select Specific resources and click Add six-segment resource description Region: Select the resource region Account: it is automatically populated Resource Prefix: queue Enter the name of the queue service you want to authorize
Condition	Allow access to specified operations only when the request is from the specified IP range

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service