RAM authorization

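Permission management for ApsaraMQ for MQTT is implemented through Alibaba Cloud Resource Access Management (RAM). With RAM, you avoid sharing your Alibaba Cloud account's AccessKey pair (AccessKey ID and AccessKey Secret) with other users, and you grant each user only the minimum permissions they need. Before a RAM user can call Alibaba Cloud OpenAPI, the Alibaba Cloud account must authorize the RAM user by creating an authorization policy.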

Mapping between Resources and Actions in ApsaraMQ for MQTT

In ApsaraMQ for MQTT, instances, topics, groups, and rules are each a type of Resource, and the permissions granted on these Resources are Actions.

ApsaraMQ for MQTT OpenAPI operations that can be authorized

The following table lists the ApsaraMQ for MQTT OpenAPI operations that can be authorized and how each is described in a policy.

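Note

To access the ApsaraMQ for MQTT OpenAPI, you must have permission to access ApsaraMQ for MQTT instances, that is, the mq:MqttInstanceAccess permission.

For more information, see Permission policies.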

| API | Resource naming format | Resource naming example | Action description |
| --- | --- | --- | --- |
| RevokeToken | `*` | `*` | `mq:MqttInstanceAccess`, `mq:RevokeToken` |
| QueryToken | `*` | `*` | `mq:MqttInstanceAccess`, `mq:QueryToken` |
| ApplyToken | Instance: `acs:mq:*:*:instance/{mqttInstanceId}`; Topic: `acs:mq:*:*:topic/{mqttInstanceId}/{topic}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****`; Topic: `acs:mq:*:*:topic/post-cn-09k1noy****/Topic_****` | `mq:MqttInstanceAccess`, `mq:ApplyToken` |
| SendMessage | | | `mq:MqttInstanceAccess`, `mq:SendMessage` |
| CreateGroupId | Instance: `acs:mq:*:*:instance/{mqttInstanceId}`; Group ID: `acs:mq:*:*:groupId/{mqttInstanceId}/{gId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****`; Group ID: `acs:mq:*:*:groupId/post-cn-09k1noy****/GID_****` | `mq:MqttInstanceAccess`, `mq:CreateMqttGroupId` |
| DeleteGroupId | | | `mq:MqttInstanceAccess`, `mq:DeleteMqttGroupId` |
| ListGroupId | | | `mq:MqttInstanceAccess`, `mq:ListMqttGroupId` |
| QuerySessionByClientId | Instance: `acs:mq:*:*:instance/{mqttInstanceId}`; Group ID: `acs:mq:*:*:groupId/{mqttInstanceId}/{gId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****`; Group ID: `acs:mq:*:*:groupId/post-cn-09k1noy****/GID_****` | `mq:MqttInstanceAccess`, `mq:QuerySessionByClientId` |
| BatchQuerySessionByClientIds | | | `mq:MqttInstanceAccess`, `mq:BatchQuerySessionByClientIds` |
| RegisterDeviceCredential | | | `mq:MqttInstanceAccess`, `mq:RegisterDeviceCredential` |
| GetDeviceCredential | | | `mq:MqttInstanceAccess`, `mq:GetDeviceCredential` |
| UnRegisterDeviceCredential | | | `mq:MqttInstanceAccess`, `mq:UnRegisterDeviceCredential` |
| RefreshDeviceCredential | | | `mq:MqttInstanceAccess`, `mq:RefreshDeviceCredential` |
| QueryMqttTraceDevice | | | `mq:MqttInstanceAccess`, `mq:QueryMqttDeviceTrace` |
| QueryMqttTraceMessageOfClient | | | `mq:MqttInstanceAccess`, `mq:QueryMqttDeviceTrace` |
| QueryMqttTraceMessagePublish | Instance: `acs:mq:*:*:instance/{mqttInstanceId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****` | `mq:MqttInstanceAccess`, `mq:QueryMqttDeviceTrace` |
| QueryMqttTraceMessageSubscribe | | | `mq:MqttInstanceAccess`, `mq:QueryMqttDeviceTrace` |
| RegisterCaCertificate | Instance: `acs:mq:*:*:instance/{mqttInstanceId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****` | `mq:MqttInstanceAccess`, `mq:RegisterCa` |
| ActiveCaCertificate | | | `mq:MqttInstanceAccess`, `mq:ActiveCaCertificate` |
| InactivateCaCertificate | | | `mq:MqttInstanceAccess`, `mq:UnregisterCaCertificate` |
| ListCaCertificate | | | `mq:MqttInstanceAccess`, `mq:ListCaCertificate` |
| GetCaCertificate | | | `mq:MqttInstanceAccess`, `mq:GetCaCertificate` |
| GetRegisterCode | | | `mq:MqttInstanceAccess`, `mq:GetRegisterCode` |
| DeleteCaCertificate | | | `mq:MqttInstanceAccess`, `mq:DeleteCaCertificate` |
| ActiveDeviceCertificate | Instance: `acs:mq:*:*:instance/{mqttInstanceId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****` | `mq:MqttInstanceAccess`, `mq:ActiveDeviceCertificate` |
| InactivateDeviceCertificate | | | `mq:MqttInstanceAccess`, `mq:UnregisterDeviceCertificate` |
| ListDeviceCertificate | | | `mq:MqttInstanceAccess`, `mq:ListDeviceCertificate` |
| ListDeviceCertificateByCaSn | | | `mq:MqttInstanceAccess`, `mq:ListDeviceCertificateByCaSn` |
| GetDeviceCertificate | | | `mq:MqttInstanceAccess`, `mq:GetDeviceCertificate` |
| DeleteDeviceCertificate | | | `mq:MqttInstanceAccess`, `mq:DeleteDeviceCertificate` |
| AddCustomAuthConnectBlack | Instance: `acs:mq:*:*:instance/{mqttInstanceId}` | Instance: `acs:mq:*:*:instance/post-cn-09k1noy****` | `mq:MqttInstanceAccess`, `mq:DeleteCustomAuthConnectBlack` |
| ListTopics | | | `mq:MqttInstanceAccess`, `mq:SUB` |
| UpdateMqttOutboundRule | | | `mq:MqttInstanceAccess`, `mq:UpdateMqttOutboundRule` |
| CreateMqttInboundRule | | | `mq:MqttInstanceAccess`, `mq:CreateMqttInboundRule` |
| AddCustomAuthPermission | | | `mq:MqttInstanceAccess`, `mq:AddCustomAuthPermission` |
| QueryCustomAuthConnectBlack | | | `mq:MqttInstanceAccess`, `mq:QueryCustomAuthConnectBlack` |
| CreateTopic | | | `mq:MqttInstanceAccess`, `mq:CreateMqttTopic` |
| DeleteCustomAuthConnectBlack | | | `mq:MqttInstanceAccess`, `mq:AddCustomAuthConnectBlack` |
| DeleteMqttOutboundRule | | | `mq:MqttInstanceAccess`, `mq:DeleteMqttOutboundRule` |
| UpdateClientStatusNotifyRule | | | `mq:MqttInstanceAccess`, `mq:UpdateClientStatusNotifyRule` |
| ListClientStatusNotifyRuleInPages | | | `mq:MqttInstanceAccess`, `mq:ListClientStatusNotifyRule` |
| QueryCustomAuthIdentity | | | `mq:MqttInstanceAccess`, `mq:QueryCustomAuthIdentity` |
| ListMqttInboundRuleInPages | | | `mq:MqttInstanceAccess`, `mq:ListMqttInboundRule` |
| AddCustomAuthIdentity | | | `mq:MqttInstanceAccess`, `mq:AddCustomAuthIdentity` |
| DeleteClientStatusNotifyRule | | | `mq:MqttInstanceAccess`, `mq:DeleteClientStatusNotifyRule` |
| DeleteCustomAuthPermission | | | `mq:MqttInstanceAccess`, `mq:DeleteCustomAuthPermission` |
| DeleteCustomAuthIdentity | | | `mq:MqttInstanceAccess`, `mq:DeleteCustomAuthIdentity` |
| UpdateCustomAuthIdentity | | | `mq:MqttInstanceAccess`, `mq:UpdateCustomAuthIdentity` |
| CreateClientStatusNotifyRule | | | `mq:MqttInstanceAccess`, `mq:CreateClientStatusNotifyRule` |
| DeleteTopic | | | `mq:MqttInstanceAccess`, `mq:PUB` |
| CreateMqttOutboundRule | | | `mq:MqttInstanceAccess`, `mq:CreateMqttOutboundRule` |
| UpdateMqttInboundRule | | | `mq:MqttInstanceAccess`, `mq:UpdateMqttInboundRule` |
| ListDeviceCredentialClientId | | | `mq:MqttInstanceAccess` |
| QueryCustomAuthPermission | | | `mq:MqttInstanceAccess`, `mq:QueryCustomAuthPermission` |
| UpdateTopic | | | `mq:MqttInstanceAccess`, `mq:UpdateMqttTopic` |
| DeleteMqttInboundRule | | | `mq:MqttInstanceAccess`, `mq:DeleteMqttInboundRule` |
| UpdateCustomAuthPermission | | | `mq:MqttInstanceAccess`, `mq:UpdateCustomAuthPermission` |
| ListMqttOutboundRuleInPages | | | `mq:MqttInstanceAccess`, `mq:ListMqttOutboundRule` |
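
The following is an added example, not part of the original documentation: a small least-privilege check for RAM policies that grant ApsaraMQ for MQTT actions, based on the table and note above. It assumes the standard RAM policy JSON layout (`Version`, `Statement`, `Effect`, `Action`, `Resource`); the function names, finding codes, and the instance ID and topic name in the sample policies are constructed for illustration.

```python
import json

# Actions that the table on this page pairs with "*" as the Resource.
STAR_OK = {"mq:MqttInstanceAccess", "mq:RevokeToken", "mq:QueryToken"}

def as_list(value):
    """Action and Resource may each be a single string or a list."""
    return [value] if isinstance(value, str) else list(value)

def lint_mqtt_policy(policy):
    """Return sorted (code, action) findings for the Allow statements."""
    findings, granted, wildcard = set(), set(), False
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "mq:*"):
                wildcard = True  # also covers mq:MqttInstanceAccess
                findings.add(("wildcard-action", action))
            elif action.startswith("mq:"):
                granted.add(action)
                if "*" in resources and action not in STAR_OK:
                    findings.add(("wildcard-resource", action))
    # Per the note above, every OpenAPI call also needs mq:MqttInstanceAccess.
    if granted and not wildcard and "mq:MqttInstanceAccess" not in granted:
        findings.add(("missing-instance-access", "mq:MqttInstanceAccess"))
    return sorted(findings)

# Constructed samples; the instance ID and topic name are placeholders.
SCOPED = json.loads("""
{"Version": "1", "Statement": [{
  "Effect": "Allow",
  "Action": ["mq:MqttInstanceAccess", "mq:ApplyToken"],
  "Resource": ["acs:mq:*:*:instance/post-cn-EXAMPLE",
               "acs:mq:*:*:topic/post-cn-EXAMPLE/Topic_example"]}]}
""")
BROAD = {"Version": "1", "Statement": [{
    "Effect": "Allow",
    "Action": ["mq:ApplyToken", "mq:SendMessage"],
    "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, lint_mqtt_policy(pol))
```

The scoped policy follows the Instance and Topic ARN formats listed for ApplyToken and produces no findings; the broad one is flagged both for using `*` as the Resource and for omitting `mq:MqttInstanceAccess`.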