Overview
AutoMQ Cloud supports identity recognition and RBAC (Role-Based Access Control) permissions. This article introduces the basic concepts of accounts in the AutoMQ Cloud product system.
Account Types
AutoMQ Cloud offers two types of accounts: Member Account and Service Account. Their definitions and differences are as follows:
Account Type | Roles and Differences |
---|---|
Member Account | |
Service Account | |
Member Account
Definition
Member accounts are identity credentials for environment-level operations, either generated by the system by default or manually created by existing environment members.
Member accounts support multiple roles based on the required permission scope, currently including Admin, Operator, and Viewer roles.
Creation Method
The initial Admin member of each environment is automatically created by the system when the environment is created. Subsequent members can be manually created by an Admin member.
Relationship Between Environment and Environment Members
When a new environment is created, the system automatically creates an Admin role member for that environment. Subsequent members are then created by the initial Admin member.
Service Account
Definition
Service accounts are provided by AutoMQ Cloud for external systems to access AutoMQ via APIs and application integration. Service accounts do not have login passwords and cannot be operated through the WebUI.
Creation Method
Service accounts can be created by member accounts in the AutoMQ Console or via API.
RBAC Permission Control
Both member accounts and service accounts in AutoMQ Cloud support RBAC (Role-Based Access Control). The system comes with multiple predefined roles, each with a different permission scope. Admin role accounts perform authorization by assigning roles to other accounts.
The currently supported roles are as follows:
Role | Permission Description |
---|---|
Admin Role | |
Operator Role | |
Viewer Role | |