Permission Management

Last updated: 2025-09-24 18:31:31
TDMQ for RocketMQ provides a complete enterprise-level security protection system. Through sub-account management, strict authorization and authentication mechanisms, it builds a multi-level and comprehensive security system to ensure reliable protection for each step of message transmission and fully guarantee data security.

Control Plane Permission (Account Level)

The Cloud Access Management (CAM) service, with its root account, sub-account, and collaborator features, enables authorization between a root account and its sub-accounts as well as across organizational accounts. Through per-account access key management, it also controls access to Tencent Cloud resources via API calls.

Identity Verification

You can access RocketMQ resources through the console or by calling TencentCloud API. Both methods require identity authentication before the corresponding resource can be accessed.
Logging in to the console: the login password is verified. Login protection and a verification strategy are also provided to enhance identity security. For details, see Change Login Password and Set Up Login Protection.
Calling TencentCloud API: the access key (AccessKey) is verified. The access key is the security credential that a user needs to access TencentCloud API and pass identity verification; it consists of a SecretId and a SecretKey. For details, see Account Access Key Management.
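How the access key is checked on an API call, shown as an added example that is not part of the original page: TencentCloud API Signature v3 (TC3-HMAC-SHA256) derives a signing key from the SecretKey, so only the SecretId and the resulting signature travel with the request. The endpoint, service name, payload, timestamp and credentials below are constructed placeholders and assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone

ALGORITHM = "TC3-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def tc3_authorization(secret_id, secret_key, service, host, payload, timestamp):
    """Build the Authorization header for a JSON POST to TencentCloud API."""
    date = datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d")
    content_type = "application/json; charset=utf-8"
    signed_headers = "content-type;host"
    # 1. Canonical request: method, URI, query string, headers, signed header
    #    names, and the SHA-256 of the body. Any tampering changes this hash.
    canonical_request = "\n".join([
        "POST", "/", "",
        f"content-type:{content_type}\nhost:{host}\n",
        signed_headers,
        hashlib.sha256(payload.encode("utf-8")).hexdigest(),
    ])
    # 2. String to sign: binds the request hash to a timestamp and a scope.
    scope = f"{date}/{service}/tc3_request"
    string_to_sign = "\n".join([
        ALGORITHM, str(timestamp), scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    # 3. Derive a per-day, per-service signing key; the SecretKey itself is
    #    never placed in the request.
    secret_date = _hmac(("TC3" + secret_key).encode("utf-8"), date)
    secret_service = _hmac(secret_date, service)
    secret_signing = _hmac(secret_service, "tc3_request")
    signature = hmac.new(secret_signing, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    return (f"{ALGORITHM} Credential={secret_id}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")

# Constructed sample values (placeholders, not real credentials or a real call).
SECRET_ID = "AKIDEXAMPLEPLACEHOLDER"
SECRET_KEY = "example-secret-key-placeholder"
SERVICE = "tdmq"                      # assumed service name
HOST = "tdmq.tencentcloudapi.com"     # assumed endpoint
PAYLOAD = '{"Limit": 10}'
TIMESTAMP = 1758675600                # 2025-09-24 01:00:00 UTC

HEADER = tc3_authorization(SECRET_ID, SECRET_KEY, SERVICE, HOST, PAYLOAD, TIMESTAMP)
```

Because the signature covers the body hash and the timestamp, the server can reject modified or stale requests, and anyone who holds the SecretKey can sign whatever the key's CAM policy allows.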

Access Control

Through the Cloud Access Management (CAM) service, you can apply fine-grained permission management to RocketMQ resources at the account level.
User and permission management: Create independent users or roles for department members in different functions, based on the enterprise organizational structure, and assign each its own security credentials (console login password, cloud API key, etc.) or temporary credentials, so that access to RocketMQ resources stays secure and controllable.
Fine-grained access control: Set differentiated access policies based on employee functions to precisely control which operations each user or role can execute and which resources it can access, achieving strict permission isolation.
For a detailed introduction and operation instructions, see Grant Account Access Privileges.

Data Plane Permissions (RocketMQ Resource Level)

RocketMQ supports role-based authorization: you assign an independent role to each producer and consumer and grant it production or consumption permissions for specific namespaces, which isolates permissions between roles. When a client produces or consumes messages, the system authenticates the operation and rejects it if it is unauthorized.
This mechanism isolates permissions between different business units, keeping the message system secure while meeting resource control requirements in team collaboration scenarios. By adhering to the principle of least privilege, it fundamentally prevents data corruption caused by unauthorized access.
For details, see Role and Authorization.

