<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-5.0 plugin-docs plugin-id-default docs-doc-id-bestPractice/03access" data-has-hydrated="false">
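<head>
<!--
  Document head for the RocketMQ 5.0 "Access Control" docs page (Docusaurus v2.4.3 output).
  Holds page metadata, feed and search discovery links, analytics bootstrap scripts,
  and the stylesheet and script resources the page loads.
-->
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.4.3">
<title data-rh="true">Access Control | RocketMQ</title>
<meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1">
<meta data-rh="true" name="twitter:card" content="summary_large_image">
<!--
  NOTE(review): og:url, canonical and the hreflang alternates below still carry the
  Docusaurus template host (your-docusaurus-test-site.com). They should name the origin
  this site is actually served from; set the site url in the Docusaurus config and rebuild.
-->
<meta data-rh="true" property="og:url" content="https://your-docusaurus-test-site.com/docs/bestPractice/03access">
<meta data-rh="true" name="docusaurus_locale" content="en">
<meta data-rh="true" name="docsearch:language" content="en">
<meta data-rh="true" name="docusaurus_version" content="5.0">
<meta data-rh="true" name="docusaurus_tag" content="docs-default-5.0">
<meta data-rh="true" name="docsearch:version" content="5.0">
<meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-5.0">
<meta data-rh="true" property="og:title" content="Access Control | RocketMQ">
<meta data-rh="true" name="description" content="1. Introduction to access control features">
<meta data-rh="true" property="og:description" content="1. Introduction to access control features">
<link data-rh="true" rel="icon" href="/img/favicon.ico">
<link data-rh="true" rel="canonical" href="https://your-docusaurus-test-site.com/docs/bestPractice/03access">
<link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/zh/docs/bestPractice/03access" hreflang="zh">
<link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/docs/bestPractice/03access" hreflang="en">
<link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/docs/bestPractice/03access" hreflang="x-default">
<link data-rh="true" rel="preconnect" href="https://R2IYF7ETH7-dsn.algolia.net" crossorigin="anonymous">
<link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="RocketMQ Atom Feed">
<link rel="search" type="application/opensearchdescription+xml" title="RocketMQ" href="/opensearch.xml">
<!--
  Analytics bootstrap. Both snippets are inline and pull a script from a third-party host
  at runtime (hm.baidu.com, www.google-analytics.com) with no integrity attribute, so
  whatever those hosts serve runs with full access to this page. A Content Security Policy
  for this site has to allow these inline scripts and hosts explicitly, or the snippets
  have to move into same-origin files.
-->
<script>var _hmt=_hmt||[];!function(){var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?36428f2b841d08e7405724cbf7f860d2";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(e,t)}()</script>
<link rel="preconnect" href="https://www.google-analytics.com">
<script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-89603173-1","auto"),ga("set","anonymizeIp",!0),ga("send","pageview")</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<link rel="alternate" type="application/rss+xml" href="/events/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/events/atom.xml" title="RocketMQ Atom Feed">
<link rel="alternate" type="application/rss+xml" href="/release-notes/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/release-notes/atom.xml" title="RocketMQ Atom Feed">
<link rel="alternate" type="application/rss+xml" href="/news/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/news/atom.xml" title="RocketMQ Atom Feed">
<!--
  Third-party UI bundle from g.alicdn.com. The URLs were protocol-relative, which lets the
  assets load over plain HTTP whenever the page itself is opened over HTTP; they are now
  pinned to https. The path is version-pinned (0.0.13), so Subresource Integrity is feasible:
  add integrity="sha384-HASH_OF_REVIEWED_FILE" (placeholder, compute from the reviewed file)
  together with crossorigin="anonymous" on both elements.
-->
<link rel="stylesheet" href="https://g.alicdn.com/mamba/assets/0.0.13/mse-arc-ui.min.css">
<script src="https://g.alicdn.com/mamba/assets/0.0.13/mse-arc-ui.min.js"></script>
<link rel="stylesheet" href="/assets/css/styles.b006b670.css">
<link rel="preload" href="/assets/js/runtime~main.9fb1bb92.js" as="script">
<link rel="preload" href="/assets/js/main.db9ae330.js" as="script">
</head>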
<body class="navigation-with-keyboard">
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/Apache_RocketMQ_logo.svg.png" alt="My Site Logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/Apache_RocketMQ_logo.svg.png" alt="My Site Logo" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">Apache RocketMQ</b></a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/apache/rocketmq" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link"><svg viewBox="0 0 24 24" width="20" height="20" aria-hidden="true" class="iconLanguage_nlXk"><path fill="currentColor" d="M12.87 15.07l-2.54-2.51.03-.03c1.74-1.94 2.98-4.17 3.71-6.53H17V4h-7V2H8v2H1v1.99h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11.76-2.04zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2l-4.5-12zm-2.62 7l1.62-4.33L19.12 17h-3.24z"></path></svg>English</a><ul 
class="dropdown__menu"><li><a href="/zh/docs/bestPractice/03access" target="_self" rel="noopener noreferrer" class="dropdown__link" lang="zh">简体中文</a></li><li><a href="/docs/bestPractice/03access" target="_self" rel="noopener noreferrer" class="dropdown__link dropdown__link--active" lang="en">English</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Docs</a><ul class="dropdown__menu"><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/docs/">5.0</a></li><li><a class="dropdown__link" href="/docs/4.x/">4.x</a></li></ul></div><a class="navbar__item navbar__link" href="/download">Download</a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Blog</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/blog">User Cases</a></li><li><a class="dropdown__link" href="/events">Activity</a></li><li><a class="dropdown__link" href="/release-notes">Change Log</a></li><li><a class="dropdown__link" href="/news">RocketMQ News</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Community</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/contact">Join Community</a></li><li><a class="dropdown__link" href="/origin">Origin</a></li><li><a class="dropdown__link" href="/team">Teams</a></li><li><a class="dropdown__link" href="/docs/contributionGuide/01how-to-contribute">Contributions</a></li><li><a class="dropdown__link" href="/enterprise">Enterprises</a></li></ul></div><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently light mode)" 
aria-label="Switch between dark and light mode (currently light mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 
2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/">Introduction</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/quickStart/01quickstart">Quick Start</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/domainModel/01main">Domain Model</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item 
menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/featureBehavior/01normalmessage">Feature Behavior</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/deploymentOperations/01deploy">Deployment &amp; Operations</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/observability/01metrics">Observability</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/sdk/01overview">Client SDK</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/docs/bestPractice/01bestpractice">Best Practice</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/bestPractice/01bestpractice">Basic Best Practices</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/bestPractice/02dledger">DLedger</a></li><li 
class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/bestPractice/03access">Access Control</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/bestPractice/04JVMOS">JVM/OS Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/bestPractice/05subscribe">Consistent Subscription Relationship</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/bestPractice/06FAQ">FAQs</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/eventbridge/01RocketMQEventBridgeConcepts">RocketMQ EventBridge</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/mqtt/01RocketMQMQTTOverview">RocketMQ MQTT</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/connect/01RocketMQ Connect Overview">RocketMQ Connect</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a 
class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/streams/01RocketMQ Streams Overview">RocketMQ Streams</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/contributionGuide/01how-to-contribute">Contribution Guide</a></div></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Best Practice</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Access Control</span><meta itemprop="position" content="2"></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 5.0</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Access Control</h1><h2 class="anchor 
anchorWithStickyNavbar_LWe7" id="1-introduction-to-access-control-features">1. Introduction to access control features<a href="#1-introduction-to-access-control-features" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><p>Access control (ACL) mainly provides advanced access control functions at the Topic resource level for RocketMQ. When using RocketMQ access control, users inject user name and password parameters into the client, which uses them to sign its requests, and the server implements permission management and verification of various resources through the access control parameters.</p><div class="theme-admonition theme-admonition-info alert alert--info admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_S0QG"><p>ACL increases the complexity of the deployment process and of operation and maintenance management while enhancing cluster access control security. It is generally only recommended for use in scenarios where the network environment is not secure, business data is sensitive, and multiple departments and tenants are mixed. If the production cluster itself is a private cluster and is not accessed by external departments and tenants, it can be turned off. With ACL turned off, the Broker performs none of the verification described in section 4, so protection of the cluster then depends on measures outside ACL, such as network isolation.</p></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="2-definition-and-attribute-values-of-access-control">2. 
Definition and attribute values of access control<a href="#2-definition-and-attribute-values-of-access-control" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="21-permission-definition">2.1 Permission definition<a href="#21-permission-definition" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>The access control permissions for RocketMQ Topic resources are defined in the following table and fall into four categories:</p><table><thead><tr><th>Permission</th><th>Definition</th></tr></thead><tbody><tr><td>DENY</td><td>reject</td></tr><tr><td>ANY</td><td>PUB or SUB permission</td></tr><tr><td>PUB</td><td>send permission</td></tr><tr><td>SUB</td><td>subscribe permission</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="22-key-attributes-of-permission-definitions">2.2 Key attributes of permission definitions<a href="#22-key-attributes-of-permission-definitions" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><table><thead><tr><th>Field</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>globalWhiteRemoteAddresses</td><td>*<!-- -->;192.168.<!-- -->*<!-- -->.<!-- -->*<!-- -->;192.168.0.1</td><td>Global IP whitelist</td></tr><tr><td>accessKey</td><td>string</td><td>Access Key</td></tr><tr><td>secretKey</td><td>string</td><td>Secret Key</td></tr><tr><td>whiteRemoteAddress</td><td>*<!-- -->;192.168.<!-- -->*<!-- -->.<!-- -->*<!-- -->;192.168.0.1</td><td>User IP whitelist</td></tr><tr><td>admin</td><td>true;false</td><td>Whether it is an administrator account</td></tr><tr><td>defaultTopicPerm</td><td>DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>default Topic permission</td></tr><tr><td>defaultGroupPerm</td><td>DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>default ConsumerGroup 
permission</td></tr><tr><td>topicPerms</td><td>topic=permission</td><td>Permissions for each Topic</td></tr><tr><td>groupPerms</td><td>group=permission</td><td>Permissions for each Consumer Group</td></tr></tbody></table><p>Refer to the <strong>distribution/conf/plain_acl.yml</strong> configuration file for specific information.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="3-deployment-of-clusters-supporting-access-control">3. Deployment of clusters supporting access control<a href="#3-deployment-of-clusters-supporting-access-control" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><p>After defining the permission attributes in the <strong>distribution/conf/plain_acl.yml</strong> configuration file as described above, you can turn on the ACL feature of the RocketMQ cluster by turning on the <strong>aclEnable</strong> switch variable. Here is the properties configuration file content for enabling the ACL feature on the Broker:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">brokerClusterName=DefaultCluster</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerName=broker-a</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerId=0</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">deleteWhen=04</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">fileReservedTime=48</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerRole=ASYNC_MASTER</span><br></span><span class="token-line" style="color:#393A34"><span class="token 
plain">flushDiskType=ASYNC_FLUSH</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">storePathRootDir=/data/rocketmq/rootdir-a-m</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">storePathCommitLog=/data/rocketmq/commitlog-a-m</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">autoCreateSubscriptionGroup=true</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">## if acl is open,the flag will be true</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">aclEnable=true</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">listenPort=10911</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerIP1=XX.XX.XX.XX1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">namesrvAddr=XX.XX.XX.XX:9876</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="4-main-process-of-access-control">4. 
Main process of access control<a href="#4-main-process-of-access-control" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><p>The main ACL process has two parts: permission parsing and permission verification.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="41-permission-parsing">4.1 Permission parsing<a href="#41-permission-parsing" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>The Broker parses the client&#x27;s RequestCommand request and extracts the attribute fields that need to be authenticated, mainly including:</p><ol><li>AccessKey: Similar to a username, it refers to the user subject and corresponds to the permission data.</li><li>Signature: A string obtained by the client signing with the SecretKey, which the server then verifies with the SecretKey.</li></ol><h3 class="anchor anchorWithStickyNavbar_LWe7" id="42-permission-verification">4.2 Permission verification<a href="#42-permission-verification" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>The permission verification logic on the Broker side is mainly divided into the following steps:</p><ol><li>Check whether the request hits the global IP whitelist; if it does, it is considered to have passed verification and the remaining steps, including the signature check, are not run; otherwise, go to 2.</li><li>Check whether the request hits the user IP whitelist; if it does, it is considered to have passed verification and the remaining steps, including the signature check, are not run; otherwise, go to 3.</li><li>Verify the signature; if verification fails, throw an exception; if it passes, go to 4.</li><li>Verify the permissions required by the user request against the permissions owned by the user; if it fails, throw an exception.</li></ol><p>When verifying the permissions required by a user request, note the following:</p><ol><li>Special requests such as UPDATE_AND_CREATE_TOPIC can only be operated by the admin account.</li><li>For a certain resource, 
if there is an explicit configuration permission, the configured permission is used; if there is no explicit configuration permission, the default permission is used.</li></ol><h2 class="anchor anchorWithStickyNavbar_LWe7" id="5-hot-reload-modified-access-control-definitions">5. Hot reload modified access control definitions<a href="#5-hot-reload-modified-access-control-definitions" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><p>The default implementation of RocketMQ&#x27;s access control storage is based on the yml configuration file. Users can dynamically modify the properties of the access control definition without restarting the Broker service node.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="6-usage-limits-for-access-control">6. Usage limits for access control<a href="#6-usage-limits-for-access-control" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><ol><li>If ACL is enabled together with high availability deployment (Master/Slave architecture), you need to set the global whitelist information in the distribution/conf/plain_acl.yml configuration file on the Broker Master node, that is, set the IP address of the Slave node to the global whitelist in the plain_acl.yml configuration file on the Master node.</li><li>If ACL is enabled together with high availability deployment (multi-replica Dledger architecture), because the primary node will be automatically selected in the Dledger Group when a node goes down, you need to set the whitelist in the plain_acl.yml configuration file of all Broker nodes in the Dledger Group to the IP address of all Broker nodes.</li></ol><h2 class="anchor anchorWithStickyNavbar_LWe7" id="7-acl-mqadmin-configuration-management-commands">7. 
ACL mqadmin configuration management commands<a href="#7-acl-mqadmin-configuration-management-commands" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="71-update-the-value-of-the-account-attribute-in-the-acl-configuration-file">7.1 Update the value of the &quot;account&quot; attribute in the ACL configuration file<a href="#71-update-the-value-of-the-account-attribute-in-the-acl-configuration-file" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>An example of this command is as follows:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin updateAclConfig -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -b </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.12.134:10911 -a RocketMQ -s </span><span class="token number" style="color:#36acaa">1234567809123</span><span class="token plain"> -t </span><span class="token assign-left variable" style="color:#36acaa">topicA</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">DENY,topicD</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">SUB -g </span><span class="token assign-left variable" style="color:#36acaa">groupD</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">DENY,groupB</span><span class="token operator" style="color:#393A34">=</span><span 
class="token plain">SUB</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Explanation: If the account does not exist, it is created in the ACL Config YAML configuration file; if it exists, the corresponding &quot;accounts&quot; attribute is updated. If a cluster name is specified, the command is executed on each broker node in the cluster; otherwise, it is executed on a single broker node. Note that a Secret Key passed with -s is part of the command line and may be retained in shell history.</p><table><thead><tr><th>Parameter</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>Namesrv address (required)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>Specify cluster name (specify either this or the broker address)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>Specify broker address (specify either this or the cluster name)</td></tr><tr><td>a</td><td>eg:RocketMQ</td><td>Access Key value (required)</td></tr><tr><td>s</td><td>eg:1234567809123</td><td>Secret Key value (optional)</td></tr><tr><td>m</td><td>eg:true</td><td>Whether it is an administrator account (optional)</td></tr><tr><td>w</td><td>eg:192.168.0.*</td><td>whiteRemoteAddress, user IP whitelist (optional)</td></tr><tr><td>i</td><td>eg:DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>defaultTopicPerm, default Topic permissions (optional)</td></tr><tr><td>u</td><td>eg:DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>defaultGroupPerm, default Consumer Group permissions 
(optional)</td></tr><tr><td>t</td><td>eg:topicA=DENY,topicD=SUB</td><td>topicPerms,permissions for each Topic (optional)</td></tr><tr><td>g</td><td>eg:groupD=DENY,groupB=SUB</td><td>groupPerms,permissions for each Consumer Group (optional)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="72-delete-the-corresponding-account-in-the-acl-configuration-file">7.2 Delete the corresponding &quot;account&quot; in the ACL configuration file<a href="#72-delete-the-corresponding-account-in-the-acl-configuration-file" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>An example of this command is as follows:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin deleteAccessConfig -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster -a RocketMQ</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Explain: If the specified cluster name is specified, the command will be executed 
on each broker node in the cluster; otherwise, the command will be executed on a single broker node. The parameter &quot;a&quot; is the value of the Access Key, which is used to identify the unique account ID, so the account ID can be specified in the command parameter.</p><table><thead><tr><th>Parameter</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv address(required)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>Specify cluster name(Choose one with the broker address)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>Specify broker address(Choose one with the cluster name)</td></tr><tr><td>a</td><td>eg:RocketMQ</td><td>Access Key value(required)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="73-update-the-global-whitelist-in-the-acl-configuration-file">7.3 Update the global whitelist in the ACL configuration file<a href="#73-update-the-global-whitelist-in-the-acl-configuration-file" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>An example of this command is as follows:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin updateGlobalWhiteAddr -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -b </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.12.134:10911 -g </span><span class="token number" style="color:#36acaa">10.10</span><span class="token plain">.154.1,10.10.154.2</span><br></span></code></pre><div 
class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Explain: If a cluster name is specified, the command is executed on each broker node in the cluster; otherwise, it is executed on a single broker node. The parameter &quot;g&quot; is the value of the global IP whitelist, which is used to update the &quot;globalWhiteRemoteAddresses&quot; field attribute value in the ACL configuration file. Requests from an address on the global whitelist pass permission verification without the per-account checks, so list only specific trusted addresses and review the list after every update.</p><table><thead><tr><th>Parameter</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv address(required)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>Specify cluster name(Choose one with the broker address)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>Specify broker address(Choose one with the cluster name)</td></tr><tr><td>g</td><td>eg:10.10.154.1,10.10.154.2</td><td>Global IP whitelist(required)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="74-query-the-acl-configuration-file-version-information-of-the-cluster-broker">7.4 Query the ACL configuration file version information of the cluster Broker<a href="#74-query-the-acl-configuration-file-version-information-of-the-cluster-broker" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>An example of this command is as follows:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" 
style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin clusterAclConfigVersion -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Explain: If a cluster name is specified, the command is executed on each broker node in the cluster; otherwise, it is executed on a single broker node.</p><table><thead><tr><th>Parameter</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv address(required)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>Specify cluster name(Choose one with the broker address)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>Specify broker address(Choose one with the cluster name)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="75-query-the-entire-contents-of-the-acl-configuration-file-of-the-cluster-broker">7.5 Query the entire contents of the ACL configuration file of the cluster Broker<a 
href="#75-query-the-entire-contents-of-the-acl-configuration-file-of-the-cluster-broker" class="hash-link" aria-label="Direct link to heading" title="Direct link to heading"></a></h3><p>An example of this command is as follows:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin getAccessConfigSubCommand -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Explain: If a cluster name is specified, the command is executed on each broker node in the cluster; otherwise, it is executed on a single broker node. Because the command returns the entire contents of the ACL configuration file, handle its output as sensitive: it describes the accounts and permissions defined there, so keep it out of tickets, chat and shared logs.</p><table><thead><tr><th>Parameter</th><th>Value</th><th>Definition</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv address(required)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>Specify cluster name(Choose one with the broker address)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>Specify broker address(Choose one with the cluster 
name)</td></tr></tbody></table><p><strong>Special attention</strong>: The problem of abnormal data synchronization of Broker under Master/Slave and Dledger modes after Acl authentication is enabled has been fixed in the <!-- -->[4.5.1]<!-- --> version of the community. The specific PR link is: <a href="https://github.com/apache/rocketmq/pull/1149" target="_blank" rel="noopener noreferrer">https://github.com/apache/rocketmq/pull/1149</a></p></div></article></div></div></div></div></main></div></div></div>
<script src="/assets/js/runtime~main.9fb1bb92.js"></script>
<script src="/assets/js/main.db9ae330.js"></script>
</body>
</html>