
Granting Permissions for Other Cloud Products to Sub-accounts

Last updated: 2026-01-23 17:34:03
When you use TDMQ for RocketMQ, you may need to access resources of other cloud products, such as Virtual Private Cloud (VPC) and Cloud Virtual Machine (CVM). For example, you may need to view the availability zone (AZ) information of a subnet. The root account should therefore grant its sub-accounts the permissions they need to call other cloud products.

Prerequisites

A sub-account has been created for an employee using the Tencent Cloud root account. For detailed operations, see Creating a Sub-account.

Operation Steps

Creating a Custom Policy for Accessing Other Cloud Products

1. Log in to the Cloud Access Management (CAM) console with a root account.
2. In the left sidebar, select Policies and click Create a custom policy. In the pop-up window for selecting a policy creation method, select Create by policy syntax to go to the Create by Policy Syntax page.
3. On the Create by Policy Syntax page, select Blank Template and click Next.
4. Refer to the following API table and policy syntax to create a custom policy that grants sub-accounts the permissions they need to call other cloud products, and click Complete after specifying all information.
When TDMQ for RocketMQ is used, it calls the following cloud products. The root account should grant the corresponding permissions to sub-accounts so that they can use TDMQ for RocketMQ features. The following table lists the calls to other cloud products that the custom policy covers.
| Cloud Product | API Name | API Feature | Role in TDMQ for RocketMQ |
| --- | --- | --- | --- |
| CVM | DescribeZones | Queries AZs. | Views the AZ of a subnet when an instance is created. |
| VPC | DescribeVpcs | Queries the VPC network list. | Selects the VPC network to which the instance access address belongs when an instance is created. |
| VPC | DescribeSubnets | Queries the VPC network list. | Selects the subnet to which the instance access address belongs when an instance is created. |
| Tencent Cloud Observability Platform (TCOP) (Monitor) | GetMonitorData | Pulls metric monitoring data. | Views monitoring data in TDMQ for RocketMQ. |
| TCOP (Monitor) | DescribeDashboardMetricData | Pulls metric monitoring data. | Views monitoring data in TDMQ for RocketMQ. |
| TCOP (Monitor) | DescribeBaseMetrics | Pulls the metric monitoring list. | Views the TDMQ for RocketMQ monitoring list. |
| TCOP (Monitor) | DescribeDashboardMetrics | Pulls metric monitoring dimensions. | Views monitoring dimensions in TDMQ for RocketMQ. |
| TCOP (Monitor) | DescribeMonitorProductByIds | Pulls monitoring configurations. | Queries the monitoring product list by ID. |
| Tags | DescribeResourceTagsByResourceIds | Queries resource tags. | Views resource tags of a cluster. |
A policy syntax example is as follows:

    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "cvm:DescribeZones",
                    "vpc:DescribeVpcs",
                    "vpc:DescribeSubnets",
                    "monitor:GetMonitorData",
                    "monitor:DescribeDashboardMetricData",
                    "monitor:DescribeBaseMetrics",
                    "monitor:DescribeDashboardMetrics",
                    "monitor:DescribeMonitorProductByIds",
                    "monitor:DescribeOneClickAlarmConfigs",
                    "tag:DescribeResourceTagsByResourceIds"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
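
A least-privilege check for a policy like the one above, as an added example that is not Tencent Cloud's code: it parses the policy text and flags allowed actions that are wildcards, are not read-style calls, or are missing from the API table on this page. The names `review_policy` and `as_list`, the sample policies, and the rule that read-only APIs start with `Describe` or `Get` are assumptions made for the example.

```python
import json

# Actions from the API table on this page, written as "product:API".
DOCUMENTED = {
    "cvm:DescribeZones", "vpc:DescribeVpcs", "vpc:DescribeSubnets",
    "monitor:GetMonitorData", "monitor:DescribeDashboardMetricData",
    "monitor:DescribeBaseMetrics", "monitor:DescribeDashboardMetrics",
    "monitor:DescribeMonitorProductByIds",
    "tag:DescribeResourceTagsByResourceIds",
}
READ_PREFIXES = ("Describe", "Get")  # assumption: read-only APIs use these prefixes

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]

def review_policy(text):
    """Return (severity, message) findings for a CAM policy document."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"invalid JSON at line {exc.lineno}: {exc.msg}")]
    if not isinstance(policy, dict):
        return [("error", "policy must be a JSON object")]
    findings = []
    for n, stmt in enumerate(as_list(policy.get("statement", []))):
        if stmt.get("effect") != "allow":
            continue  # only allow statements widen access
        for action in as_list(stmt.get("action", [])):
            api = action.partition(":")[2]  # API name after the product prefix
            if "*" in action:
                findings.append(("error", f"statement {n}: wildcard action {action}"))
            elif not api.startswith(READ_PREFIXES):
                findings.append(("error", f"statement {n}: non-read action {action}"))
            elif action not in DOCUMENTED:
                findings.append(("warn", f"statement {n}: {action} is not in the API table"))
    return findings

# Constructed samples: the page's action list, a broad variant, a trailing-comma typo.
PAGE_POLICY = json.dumps({"version": "2.0", "statement": [{
    "effect": "allow", "resource": ["*"],
    "action": sorted(DOCUMENTED | {"monitor:DescribeOneClickAlarmConfigs"})}]})
BROAD_POLICY = '{"version": "2.0", "statement": [{"effect": "allow", "action": ["vpc:*", "cvm:TerminateInstances"], "resource": ["*"]}]}'
TRAILING_COMMA = '{"version": "2.0", "statement": [{"effect": "allow", "action": ["cvm:DescribeZones",], "resource": ["*"]}]}'

if __name__ == "__main__":
    for name in ("PAGE_POLICY", "BROAD_POLICY", "TRAILING_COMMA"):
        print(name, review_policy(globals()[name]))
```

Run against the page's action list, the check reports only `monitor:DescribeOneClickAlarmConfigs`, which appears in the policy syntax example but not in the API table.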

Associating a Custom Policy with a Sub-account

1. On the Policy Management page, click Custom Policy to filter out custom policies, locate the created custom policy, and click Associate User/Group/Role in the operation column.



2. Select the sub-account to be granted this permission and click OK to complete the authorization.



3. On the User List page, click the sub-account name to go to the user details page. The policy is displayed in the user's policy list.



