如何创建授权策略对RAM用户授权_消息队列 MQ-阿里云帮助中心

微消息队列MQTT版权限管理是通过阿里云的访问控制RAM（Resource Access Management）产品实现的。使用RAM可以让您避免与其他用户共享云账号密钥，即AccessKey（包含AccessKey ID和AccessKey Secret），按需为用户分配最小权限。在使用RAM用户调用阿里云OpenAPI前，需要阿里云账号通过创建授权策略对RAM用户进行授权。

微消息队列MQTT版的Resource与Action的对应规则

在微消息队列MQTT版中，实例、Topic、Group和规则各为一种Resource，对这些Resource授予的权限即为Action。

可授权的微消息队列MQTT版OpenAPI

下表列举了微消息队列MQTT版中可授权的OpenAPI及其描述方式。

说明如需访问微消息队列MQTT版的OpenAPI，则需有访问微消息队列MQTT版实例的权限，即mq:MqttInstanceAccess权限。

更多信息请参见权限策略。


API	Resource命名格式	Resource命名示例	Action描述
RevokeToken	acs:mq:::*	acs:mq:::*	mq:MqttInstanceAccess mq:RevokeToken
QueryToken	acs:mq:::*	acs:mq:::*	mq:MqttInstanceAccess mq:QueryToken
ApplyToken	实例：acs:mq:::instance/{mqttInstanceId} Topic：acs:mq:::topic/{mqttInstanceId}/{topic}	实例：acs:mq:::instance/post-cn-09k1noy**** Topic：acs:mq:::topic/post-cn-09k1noy**/Topic_**	mq:MqttInstanceAccess mq:ApplyToken
CreateGroupId	实例：acs:mq:::instance/{mqttInstanceId} Group ID：acs:mq:::groupId/{mqttInstanceId}/{gid}	实例：acs:mq:::instance/post-cn-09k1noy**** Group ID：acs:mq:::groupId/post-cn-09k1noy**/GID_**	mq:MqttInstanceAccess mq:CreateGroupId
DeleteGroupId			mq:MqttInstanceAccess mq:DeleteGroupId
ListGroupId			mq:MqttInstanceAccess mq:ListGroupId
CreateTopic	实例：acs:mq:::instance/{mqttInstanceId} Topic：acs:mq:::topic/{mqttInstanceId}/{topic}	实例：acs:mq:::instance/post-cn-09k1noy**** Topic：acs:mq:::topic/post-cn-09k1noy**/Topic_**	mq:MqttInstanceAccess mq:CreateMqttTopic
DeleteTopic			mq:MqttInstanceAccess mq:DeleteMqttTopic
ListTopic			mq:MqttInstanceAccess mq:ListMqttTopic
UpdateTopic			mq:MqttInstanceAccess mq:UpdateMqttTopic
CreateMqttInboundRule	实例：acs:mq:::instance/{mqttInstanceId} Rule：acs:mq:::rule/{mqttInstanceId}/{ruleId}	实例：acs:mq:::instance/post-cn-09k1noy**** Rule：acs:mq:::rule/post-cn-09k1noy**/111**	mq:MqttInstanceAccess mq:CreateMqttInboundRule
DeleteMqttInboundRule			mq:MqttInstanceAccess mq:DeleteMqttInboundRule
ListMqttInboundRuleInPage			mq:MqttInstanceAccess mq:ListMqttInboundRule
UpdateMqttInboundRule			mq:MqttInstanceAccess mq:UpdateMqttInboundRule
CreateMqttOutboundRule			mq:MqttInstanceAccess mq:CreateMqttOutboundRule
DeleteMqttOutboundRule			mq:MqttInstanceAccess mq:DeleteMqttOutboundRule
ListMqttOutboundRuleInPage			mq:MqttInstanceAccess mq:ListMqttOutboundRule
UpdateMqttOutboundRule			mq:MqttInstanceAccess mq:UpdateMqttOutboundRule
CreateClientStatusNotifyRule			mq:MqttInstanceAccess mq:CreateClientStatusNotifyRule
DeleteClientStatusNotifyRule			mq:MqttInstanceAccess mq:DeleteClientStatusNotifyRule
ListClientStatusNotifyRuleInPage			mq:MqttInstanceAccess mq:ListClientStatusNotifyRule
UpdateClientStatusNotifyRule			mq:MqttInstanceAccess mq:UpdateClientStatusNotifyRule