Role-Based Access Control
AutoMQ supports Role-Based Access Control (RBAC), providing fine-grained permission management to ensure that member accounts and service accounts can access necessary resources with the principle of least privilege. Through RBAC, environment administrators can effectively manage and control access to AutoMQ resources, ensuring system security and stability.
RBAC Principles
The core principle of RBAC is to bind predefined roles to member accounts and service accounts. Each role contains a set of predefined permissions that determine the actions an account can perform. This approach allows administrators to flexibly assign and manage permissions, ensuring users can only access and operate on the resources they are authorized to.
Appendix: Predefined System Roles
AutoMQ provides a series of built-in roles, each corresponding to different levels of permissions to meet the needs of various scenarios. Below is a list of the built-in roles supported by AutoMQ along with their operation lists:
| Role | Action | Permission Level and Applicable Scenarios |
|---|---|---|
| InstanceViewer | Instance:ListInstances |
|
| Instance:GetInstance | ||
| Instance:GetInstanceMetadata | ||
| Instance:ListInstanceACLPolicies | ||
| Instance:ListInstanceACLUsers | ||
| ConsumerGroup:ListConsumerGroups | ||
| ConsumerGroup:GetConsumerGroup | ||
| Topic:GetTopic | ||
| Topic:ListTopics | ||
| Profile:GetDeployProfile | ||
| Profile:ListDeployProfiles | ||
| InstanceDeveloper | Instance:GetInstance |
|
| Instance:ListInstances | ||
| Instance:ListInstanceACLPolicies | ||
| Instance:CreateInstanceACLPolicy | ||
| Instance:DeleteInstanceACLPolicy | ||
| Instance:GetInstanceMetadata | ||
| Instance:ListInstanceACLUsers | ||
| Instance:CreateInstanceACLUser | ||
| Instance:DeleteInstanceACLUser | ||
| ConsumerGroup:ListConsumerGroups | ||
| ConsumerGroup:CreateConsumerGroup | ||
| ConsumerGroup:GetConsumerGroup | ||
| ConsumerGroup:UpdateConsumerGroup | ||
| ConsumerGroup:DeleteConsumerGroup | ||
| Topic:ListTopics | ||
| Topic:CreateTopic | ||
| Topic:GetTopic | ||
| Topic:DeleteTopic | ||
| Topic:UpdateTopic | ||
| Topic:CreateMessage | ||
| Profile:GetDeployProfile | ||
| Profile:ListDeployProfiles | ||
| Environment:GetMessage | ||
| InstanceAdmin | Instance:GetInstance |
|
| Instance:ListInstances | ||
| Instance:UpdateInstance | ||
| Instance:GetInstanceMetadata | ||
| Instance:DeleteInstance | ||
| Instance:UpdateInstanceIntegration | ||
| Instance:ListInstanceACLUsers | ||
| Instance:CreateInstanceACLUser | ||
| Instance:DeleteInstanceACLUser | ||
| Instance:ListInstanceACLPolicies | ||
| Instance:CreateInstanceACLPolicy | ||
| Instance:DeleteInstanceACLPolicy | ||
| ConsumerGroup:ListConsumerGroups | ||
| ConsumerGroup:CreateConsumerGroup | ||
| ConsumerGroup:GetConsumerGroup | ||
| ConsumerGroup:UpdateConsumerGroup | ||
| ConsumerGroup:DeleteConsumerGroup | ||
| Topic:CreateTopic | ||
| Topic:GetTopic | ||
| Topic:DeleteTopic | ||
| Topic:UpdateTopic | ||
| Topic:ListTopics | ||
| Topic:CreateMessage | ||
| Profile:GetDeployProfile | ||
| Profile:ListDeployProfiles | ||
| Environment:GetMessage | ||
| Integration:ListIntegrations | ||
| Integration:ListIntegrationTypes | ||
| IntegrationAdmin | Integration:UpdateInstanceIntegration |
|
| Integration:ListIntegrations | ||
| Integration:GetIntegration | ||
| Integration:UpdateIntegration | ||
| Integration:DeleteIntegration | ||
| Integration:ListIntegrationTypes | ||
| Profile:ListDeployProfiles | ||
| Profile:GetDeployProfile | ||
| EnvironmentViewer | Instance:GetInstance |
|
| Instance:ListInstances | ||
| Instance:ListInstanceACLPolicies | ||
| Instance:GetInstanceMetadata | ||
| Instance:ListInstanceACLUsers | ||
| ConsumerGroup:ListConsumerGroups | ||
| ConsumerGroup:GetConsumerGroup | ||
| Topic:ListTopics | ||
| Topic:GetTopic | ||
| Integration:ListIntegrations | ||
| Integration:GetIntegration | ||
| Integration:ListIntegrationTypes | ||
| Migration:ListMigrations | ||
| Migration:GetMigration | ||
| Profile:ListDeployProfiles | ||
| Profile:GetDeployProfile | ||
| Environment:ListProductVersions | ||
| Environment:ListProviders | ||
| Environment:ListRegions | ||
| Environment:ListZones | ||
| Environment:ListSubnets | ||
| Environment:ListNodeGroups | ||
| Environment:GetNodeGroup | ||
| Environment:GetEnvironment | ||
| EnvironmentOperator | Instance:GetInstance |
|
| Instance:ListInstances | ||
| Instance:ListInstanceACLPolicies | ||
| Instance:CreateInstanceACLPolicy | ||
| Instance:DeleteInstanceACLPolicy | ||
| Instance:CreateInstance | ||
| Instance:UpdateInstance | ||
| Instance:DeleteInstance | ||
| Instance:GetInstanceMetadata | ||
| Instance:UpdateInstanceIntegration | ||
| Instance:ListInstanceACLUsers | ||
| Instance:CreateInstanceACLUser | ||
| Instance:DeleteInstanceACLUser | ||
| Topic:ListTopics | ||
| Topic:CreateTopic | ||
| Topic:GetTopic | ||
| Topic:DeleteTopic | ||
| Topic:UpdateTopic | ||
| Topic:CreateMessage | ||
| ConsumerGroup:ListConsumerGroups | ||
| ConsumerGroup:CreateConsumerGroup | ||
| ConsumerGroup:GetConsumerGroup | ||
| ConsumerGroup:UpdateConsumerGroup | ||
| ConsumerGroup:DeleteConsumerGroup | ||
| Integration:ListIntegrations | ||
| Integration:CreateIntegration | ||
| Integration:GetIntegration | ||
| Integration:UpdateIntegration | ||
| Integration:DeleteIntegration | ||
| Integration:ListIntegrationTypes | ||
| Migration:CreateMigration | ||
| Migration:UpdateMigration | ||
| Migration:ListMigrations | ||
| Migration:GetMigration | ||
| Migration:DeleteMigration | ||
| Profile:ListDeployProfiles | ||
| Profile:GetDeployProfile | ||
| Profile:CreateDeployProfile | ||
| Profile:UpdateDeployProfile | ||
| Profile:DeleteDeployProfile | ||
| Environment:CreateProductVersion | ||
| Environment:GetDeploymentOrder | ||
| Environment:ListProductVersions | ||
| Environment:ListProviders | ||
| Environment:ListRegions | ||
| Environment:ListZones | ||
| Environment:ListSubnets | ||
| Environment:ListNodeGroups | ||
| Environment:GetNodeGroup | ||
| Environment:GetMessage | ||
| Environment:DeleteEndPoint | ||
| Environment:CreateEndPoint | ||
| EnvironmentAdmin | 全部 |
|
通过内置角色和操作列表,管理员可以灵活地管理 AutoMQ 控制台的访问权限,确保系统的安全性和高效性。