tencent cloud

All product documents
Cloud Access Management
DocumentationCloud Access ManagementCAM-Enabled APIMiddlewareTDMQ for RocketMQ
TDMQ for RocketMQ
Download PDF
Last updated: 2025-03-26 10:06:15
TDMQ for RocketMQ
Last updated: 2025-03-26 10:06:15
Download PDF

Fundamental information

Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
RocketMQ trocket Supported Supported Resource level Partially supported

Note:

The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

  • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
  • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
  • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

API authorization granularity

Two authorization granularity levels of API are supported: resource level, and operation level.

  • Resource level: It supports the authorization of a specific resource.
  • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

Write operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
AddMQTTClientSubscription AddMQTTClientSubscription Operation level * Supported
ChangeMigratingTopicToNextStage Move a migrating topic to next stage Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
CreateChaosTask Create a chaos task Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
CreateConsumerGroup Create a consumer group Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/* Supported
CreateInstance Create a new instance Resource level qcs::trocket:${region}:uin/${uin}:instance/* Supported
CreateInstanceEndpoint Create endpoint Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
CreateMQTTInsInternalEndpoint CreateMQTTInsInternalEndpoint Operation level * not supported
CreateMQTTInsPublicEndpoint CreateMQTTInsPublicEndpoint Operation level * Supported
CreateMQTTInstance CreateMQTTInstance Operation level * Supported
CreateMQTTJWKSAuthenticator CreateMQTTJWKSAuthenticator Operation level * Supported
CreateMQTTTopic CreateMQTTTopic Operation level * Supported
CreateMQTTUser CreateMQTTUser Operation level * Supported
CreateMigrationTask create migration task Resource level qcs::trocket:${region}:uin/${uin}:* Supported
CreatePerformanceTestJob Create a performance test job Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
CreateRole Create a role Resource level qcs::trocket:${region}:uin/${uin}:role/${instanceId}/* Supported
CreateSmoothMigrationTask Create a smooth migration task Operation level * Supported
CreateTopic Create a topic Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/* Supported
DeleteBrokerNode Delete unable broker node. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DeleteConsumerGroup Delete a consumer group Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DeleteInstance Delete an instance Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteInstanceEndpoint Delete an endpoint Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DeleteMQTTAuthenticator DeleteMQTTAuthenticator Operation level * Supported
DeleteMQTTClientSubscription DeleteMQTTClientSubscription Operation level * Supported
DeleteMQTTInsInternalEndpoint DeleteMQTTInsInternalEndpoint Operation level * not supported
DeleteMQTTInsPublicEndpoint DeleteMQTTInsPublicEndpoint Operation level * Supported
DeleteMQTTInstance DeleteMQTTInstance Operation level * Supported
DeleteMQTTTopic DeleteMQTTTopic Operation level * Supported
DeleteMQTTUser DeleteMQTTUser Operation level * Supported
DeleteRole Delete a role Resource level qcs::trocket:${region}:uin/${uin}:role/${instanceId}/${role} Supported
DeleteSmoothMigrationTask Delete a smooth migration task Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DeleteTopic Delet a topic Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
DoHealthCheckOnMigratingTopic Do health check on a migrating topic Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
ImportACLForSmoothMigration Import ACL in a smooth migration task. Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
ImportSourceClusterConsumerGroups Import consumer groups from migrating cluster Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
ImportSourceClusterTopics Import topics from cluster which is in migration Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
ModifyBrokerNode Modify broker node. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
ModifyConsumerGroup Modify a consumer group Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
ModifyInstance Modify an instance Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyInstanceEndpoint Modify an endpoint Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyInstancePayMode Modify an instance pay mode. Resource level qcs::trocket::uin/${uin}:instance/${instanceId} Supported
ModifyInstanceStatus Modify an instance status Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
ModifyMQTTInsPublicEndpoint ModifyMQTTInsPublicEndpoint Operation level * Supported
ModifyMQTTInstance ModifyMQTTInstance Operation level * Supported
ModifyMQTTInstanceCertBinding ModifyMQTTInstanceCertBinding Operation level * Supported
ModifyMQTTJWKSAuthenticator ModifyMQTTJWKSAuthenticator Operation level * Supported
ModifyMQTTTopic ModifyMQTTTopic Operation level * Supported
ModifyMQTTUser ModifyMQTTUser Operation level * Supported
ModifyRole Modify a role Resource level qcs::trocket:${region}:uin/${uin}:role/${instanceId}/${role} Supported
ModifySmoothMigrationTask Modify a smooth migration task Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
ModifyTopic modify topic Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
PublishMQTTMessage PublishMQTTMessage Operation level * Supported
RemoveMigratingTopic Remove a migrating topic Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
RenewInstance Renew an instance. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
ResendDeadLetterMessage resend deadLetter message Resource level qcs::trocket:${region}:uin/${uin}:instance/{InstanceId} Supported
ResetConsumerGroupOffset Reset consumer group offset Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
RestoreInstance Restore the RocketMQ cluster Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
RollbackMigratingTopicStage Rollback migrating topic to previous stage Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
SendMessage Send a message Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
TerminatePerformanceTestJob Terminate a performance job Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported

Other Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
CheckMQTTJWKSEndpointConnection CheckMQTTJWKSEndpointConnection Operation level * Supported

Read operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeBrokerStatus Describe broker process status. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeChaosTask Describe the running info of chaos task Operation level * Supported
DescribeConsumerClient Describe a consumer client Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DescribeConsumerClientLag Describe a consumer client lag Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeConsumerClientList Describe consumer clients Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DescribeConsumerGroup Describe a consumer group Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DescribeConsumerLag Describe a consumer lag number. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeConsumerStack describe consumer stack. Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
DescribeDetailedRoleList Describe detailed role list for topic and group. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeInstance Describe an instance Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeInstanceDeliveryProgress Describe an instance delivery progress Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeInstanceFeatures Describe Instance Features. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeInstanceTopUsages Describe instance usages Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeMQTTAuthenticator DescribeMQTTAuthenticator Operation level * Supported
DescribeMQTTClient DescribeMQTTClient Operation level * Supported
DescribeMQTTInsInternalEndpoint DescribeMQTTInsInternalEndpoint Operation level * not supported
DescribeMQTTInsPublicEndpoints DescribeMQTTInsPublicEndpoints Operation level * Supported
DescribeMQTTInsVPCEndpoints DescribeMQTTInsVPCEndpoints Operation level * Supported
DescribeMQTTInstance DescribeMQTTInstance Operation level * Supported
DescribeMQTTInstanceCert DescribeMQTTInstanceCert Operation level * Supported
DescribeMQTTInstanceRealtimeStats DescribeMQTTInstanceRealtimeStats Operation level * Supported
DescribeMQTTMessage DescribeMQTTMessage Operation level * Supported
DescribeMQTTTopic DescribeMQTTTopic Operation level * Supported
DescribeMessage Describe a message Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
DescribeMessageList Describe message list Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
DescribeMessageTrace Describe message traces Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
DescribeMigratingGroupStats Describe a consumer group\\\\\\\\\\\\\\\'s realtime stats Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeMigratingTopicAccessInfo Describe access info of a migrating topic Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeMigratingTopicList Describe a list of migrating topics Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeMigratingTopicStats Describe statistics of a migrating topic Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeMigrationEndpoints Describe access endpoints of a migration task Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeMigrationTask describe migration task Resource level qcs::trocket:${region}:uin/${uin}:taskId/${TaskId} Supported
DescribeMigrationTaskList describe migration task list Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} not supported
DescribeModifyOrderDetails Describe order details for modify instanc. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeNewOrderDetails Describe order details for create instance. Operation level * Supported
DescribePerformanceTestJob Describe information of a performance test job Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
DescribePerformanceTestJobMetric Get metric list of a performance test job Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
DescribePerformanceTestJobNodes Get execution nodes information of a performance test job Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
DescribeProducerList Describe producer list Resource level qcs::trocket::uin/${uin}:instance/${instanceId} Supported
DescribeProductSKUs Describe product skus Operation level * Supported
DescribePurchaseConfig Describe user purchase config Operation level * Supported
DescribeRenewOrderDetails Describe order details for renew instance. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeRetryMessageList describe rocketMQ retry message list Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeRocketMQRetryMessageList describe rocketMQ retry message list Operation level * not supported
DescribeSmoothMigrationTask Describe detail of a migration task Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeSourceClusterGroupList Describe consume groups of source cluster Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeSourceClusterTopicList Describe topics of source cluster Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeTopic Describe a topic Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
DescribeTopicListByGroup Describe topic list by group Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DescribeTopicQuota Describe topic quota. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
DescribeTopicStatisticalList Describe topic type and count Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
ExportMessage Export messages Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
QueryPriceRenewOrder Query price for renew instance. Resource level qcs::trocket::uin/${uin}:instance/${InstanceId} Supported
VerifyMessageConsumption Verify message consumption Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported

List Operations

API API Description Authorization Granularity Six-segment Resource Description IP Restriction
DescribeConsumerGroupList Describe consumer group list Resource level qcs::trocket:${region}:uin/${uin}:consumerGroup/${instanceId}/${consumerGroup} Supported
DescribeFusionInstanceList describe fusion instance list Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeFusionMigrationTaskList describe fusion migration task list Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeInstanceList Describe a list of instances Resource level qcs::trocket:${region}:uin/${uin}:instance/${instanceId} Supported
DescribeMQTTClientList DescribeMQTTClientList Operation level * Supported
DescribeMQTTInstanceList DescribeMQTTInstanceList Operation level * Supported
DescribeMQTTMessageList DescribeMQTTMessageList Operation level * Supported
DescribeMQTTProductSKUList DescribeMQTTProductSKUList Operation level * Supported
DescribeMQTTSubTopic DescribeMQTTSubTopic Operation level * Supported
DescribeMQTTSubscription DescribeMQTTSubscription Operation level * Supported
DescribeMQTTTopicList DescribeMQTTTopicList Operation level * Supported
DescribeMQTTUserList DescribeMQTTUserList Operation level * Supported
DescribePerformanceTestJobList Get a list of performance test jobs Resource level qcs::trocket:${region}:uin/${uin}:instance/${InstanceId} Supported
DescribeRoleList Describe role list Resource level qcs::trocket:${region}:uin/${uin}:role/${instanceId}/${role} Supported
DescribeSmoothMigrationTaskList Describe a list of smooth migration tasks Resource level qcs::trocket:${region}:uin/${uin}:taskId/${taskId} Supported
DescribeTopicList Describe topic list Resource level qcs::trocket:${region}:uin/${uin}:topic/${instanceId}/${topic} Supported
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon