
ApsaraMQ for RabbitMQ: Step 1: (Optional) Grant permissions to RAM users

Last Updated: May 28, 2024

By default, Resource Access Management (RAM) users do not have the permissions to perform operations on ApsaraMQ for RabbitMQ resources. If you access ApsaraMQ for RabbitMQ as a RAM user, you must be granted the required permissions by an Alibaba Cloud account before you can manage resources and send and receive messages in the ApsaraMQ for RabbitMQ console.

Background information

This operation applies only to RAM users. If you access ApsaraMQ for RabbitMQ by using an Alibaba Cloud account, you have full permissions on ApsaraMQ for RabbitMQ resources and no authorization is required.

The following section describes how to check the account type:

Log on to the ApsaraMQ for RabbitMQ console. The basic information about the account is displayed in the upper-right corner of the page. If Main Account is displayed under Account ID, the account is an Alibaba Cloud account and no authorization is required. If RAM User is displayed, the account is a RAM user and authorization is required.

Permission policies of ApsaraMQ for RabbitMQ

ApsaraMQ for RabbitMQ provides the following system policies. You can grant the related permissions to a RAM user based on the permission scope.

| Policy | Description |
| --- | --- |
| AliyunAMQPFullAccess | The management permissions on your ApsaraMQ for RabbitMQ resources. If you use this policy to grant permissions to RAM users, the RAM users are granted the permissions that are equivalent to the permissions of an Alibaba Cloud account. This means that the RAM users are granted the permissions to manage all ApsaraMQ for RabbitMQ resources of the Alibaba Cloud account, and to send and receive messages by using SDKs. |
| AliyunAMQPReadOnlyAccess | The read-only permissions on your ApsaraMQ for RabbitMQ resources. If you use this policy to grant permissions to RAM users, the RAM users can query the data of all ApsaraMQ for RabbitMQ resources of the Alibaba Cloud account. |

In addition to system permission policies, you can also create custom permission policies to grant RAM users permissions on specific resources. For more information, see Custom permission policies.

(Required for RAM users) Grant permissions to a RAM user

  1. Log on to the RAM console as a RAM administrator.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user, and click Add Permissions in the Actions column.

    You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to the RAM users at the same time.

  4. In the Grant Permission panel, grant permissions to the RAM user.

    1. Configure the Resource Scope parameter.

    2. Configure the Principal parameter.

      The principal is the RAM user to which you want to grant permissions. The current RAM user is automatically selected.

    3. Configure the Policy parameter.

      A policy contains a set of permissions. Policies can be classified into system policies and custom policies. You can select multiple policies at a time.

      • System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.

        Note

        The system automatically identifies high-risk system policies, such as AdministratorAccess and AliyunRAMFullAccess. We recommend that you do not grant unnecessary permissions by attaching high-risk policies.

      • Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.

    4. Click Grant permissions.

  5. Click Close.
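After permissions are granted, the result can be reviewed against what each RAM user actually needs. The following is an added example, not part of the original documentation: it audits the JSON returned by the RAM ListPoliciesForUser operation for the policies named on this page. It assumes the response lists policies under Policies.Policy with PolicyType and PolicyName fields; the user names, the needs_write flag, and the sample responses are constructed for illustration.

```python
import json

# Policy names below are the ones this page mentions.
HIGH_RISK = {"AdministratorAccess", "AliyunRAMFullAccess"}
AMQP_FULL = "AliyunAMQPFullAccess"
AMQP_READ = "AliyunAMQPReadOnlyAccess"

def attached_policies(response_text):
    """Return {(type, name)} from a ListPoliciesForUser JSON response (assumed shape)."""
    doc = json.loads(response_text)
    items = doc.get("Policies", {}).get("Policy", [])
    return {(p.get("PolicyType", ""), p.get("PolicyName", "")) for p in items}

def audit_user(user, needs_write, response_text):
    """Compare a user's attached policies with the access the user needs.

    needs_write is a reviewer-supplied flag (hypothetical input): True if the
    user must manage resources or send and receive messages, False if the
    user only needs to query resources.
    """
    policies = attached_policies(response_text)
    system = {name for ptype, name in policies if ptype == "System"}
    has_custom = any(ptype == "Custom" for ptype, _ in policies)
    findings = []
    for name in sorted(system & HIGH_RISK):
        findings.append(f"{user}: high-risk system policy {name} attached")
    if AMQP_FULL in system and not needs_write:
        findings.append(f"{user}: {AMQP_FULL} attached, {AMQP_READ} is sufficient")
    # RAM users have no ApsaraMQ for RabbitMQ permissions by default.
    covered = system & {AMQP_FULL, AMQP_READ, "AdministratorAccess"}
    if not covered and not has_custom:
        findings.append(f"{user}: no ApsaraMQ for RabbitMQ policy attached")
    return findings

# Constructed sample: user -> (needs_write, response trimmed to the fields read above).
SAMPLE = {
    "mq-viewer": (False, '{"Policies":{"Policy":[{"PolicyType":"System","PolicyName":"AliyunAMQPFullAccess"}]}}'),
    "mq-operator": (True, '{"Policies":{"Policy":[{"PolicyType":"System","PolicyName":"AliyunAMQPFullAccess"},'
                          '{"PolicyType":"System","PolicyName":"AliyunRAMFullAccess"}]}}'),
    "mq-new": (False, '{"Policies":{"Policy":[]}}'),
}

def audit_all(sample=SAMPLE):
    """Run the audit over every user in the sample and collect the findings."""
    return [f for user, (w, resp) in sample.items() for f in audit_user(user, w, resp)]

if __name__ == "__main__":
    print("\n".join(audit_all()))
```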

What to do next

Step 2: Create resources

Step 3: Use SDKs to send and receive messages

References

System permission policies are created and maintained by Alibaba Cloud. You can use system permission policies to perform coarse-grained permission control on RAM users. You cannot modify system permission policies. For more information, see Create custom policies.

For information about custom permission policies supported by ApsaraMQ for RabbitMQ, see RAM policies.