<!doctype html>
<html lang="zh" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-bestPractice/04access" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.4.3">
<title data-rh="true">权限控制 | RocketMQ</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://your-docusaurus-test-site.com/zh/docs/4.x/bestPractice/04access"><meta data-rh="true" name="docusaurus_locale" content="zh"><meta data-rh="true" name="docsearch:language" content="zh"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="权限控制 | RocketMQ"><meta data-rh="true" name="description" content="1.权限控制特性介绍"><meta data-rh="true" property="og:description" content="1.权限控制特性介绍"><link data-rh="true" rel="icon" href="/zh/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://your-docusaurus-test-site.com/zh/docs/4.x/bestPractice/04access"><link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/zh/docs/4.x/bestPractice/04access" hreflang="zh"><link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/docs/4.x/bestPractice/04access" hreflang="en"><link data-rh="true" rel="alternate" href="https://your-docusaurus-test-site.com/docs/4.x/bestPractice/04access" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://R2IYF7ETH7-dsn.algolia.net" crossorigin="anonymous"><link rel="alternate" type="application/rss+xml" href="/zh/blog/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/zh/blog/atom.xml" title="RocketMQ Atom Feed">
<link rel="search" type="application/opensearchdescription+xml" title="RocketMQ" href="/zh/opensearch.xml">
<script>var _hmt=_hmt||[];!function(){var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?36428f2b841d08e7405724cbf7f860d2";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(e,t)}()</script>
<link rel="preconnect" href="https://www.google-analytics.com">
<script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-89603173-1","auto"),ga("set","anonymizeIp",!0),ga("send","pageview")</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<link rel="alternate" type="application/rss+xml" href="/zh/events/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/zh/events/atom.xml" title="RocketMQ Atom Feed">
<link rel="alternate" type="application/rss+xml" href="/zh/release-notes/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/zh/release-notes/atom.xml" title="RocketMQ Atom Feed">
<link rel="alternate" type="application/rss+xml" href="/zh/news/rss.xml" title="RocketMQ RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/zh/news/atom.xml" title="RocketMQ Atom Feed">
<link rel="stylesheet" href="//g.alicdn.com/mamba/assets/0.0.13/mse-arc-ui.min.css">
<script src="//g.alicdn.com/mamba/assets/0.0.13/mse-arc-ui.min.js"></script><link rel="stylesheet" href="/zh/assets/css/styles.d2e5c25b.css">
<link rel="preload" href="/zh/assets/js/runtime~main.b17b65ca.js" as="script">
<link rel="preload" href="/zh/assets/js/main.46e74ac2.js" as="script">
</head>
<body class="navigation-with-keyboard">
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div role="region" aria-label="跳到主要内容"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">跳到主要内容</a></div><nav aria-label="主导航" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="切换导航栏" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/zh/"><div class="navbar__logo"><img src="/zh/img/Apache_RocketMQ_logo.svg.png" alt="My Site Logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/zh/img/Apache_RocketMQ_logo.svg.png" alt="My Site Logo" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">Apache RocketMQ</b></a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/apache/rocketmq" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link"><svg viewBox="0 0 24 24" width="20" height="20" aria-hidden="true" class="iconLanguage_nlXk"><path fill="currentColor" d="M12.87 15.07l-2.54-2.51.03-.03c1.74-1.94 2.98-4.17 3.71-6.53H17V4h-7V2H8v2H1v1.99h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11.76-2.04zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2l-4.5-12zm-2.62 7l1.62-4.33L19.12 17h-3.24z"></path></svg>简体中文</a><ul class="dropdown__menu"><li><a 
href="/zh/docs/4.x/bestPractice/04access" target="_self" rel="noopener noreferrer" class="dropdown__link dropdown__link--active" lang="zh">简体中文</a></li><li><a href="/docs/4.x/bestPractice/04access" target="_self" rel="noopener noreferrer" class="dropdown__link" lang="en">English</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">文档</a><ul class="dropdown__menu"><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/zh/docs/">5.0</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/zh/docs/4.x/">4.x</a></li></ul></div><a class="navbar__item navbar__link" href="/zh/download">下载</a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">博客</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/zh/blog">用户案例</a></li><li><a class="dropdown__link" href="/zh/events">社区活动</a></li><li><a class="dropdown__link" href="/zh/release-notes">版本变化</a></li><li><a class="dropdown__link" href="/zh/news">RocketMQ新闻</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">社区</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/zh/contact">参与社区</a></li><li><a class="dropdown__link" href="/zh/origin">项目起源</a></li><li><a class="dropdown__link" href="/zh/team">贡献团队</a></li><li><a class="dropdown__link" href="/zh/docs/contributionGuide/01how-to-contribute">贡献说明</a></li><li><a class="dropdown__link" href="/zh/enterprise">企业用户</a></li></ul></div><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="切换浅色/暗黑模式(当前为浅色模式)" aria-label="切换浅色/暗黑模式(当前为浅色模式)" 
aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="搜索"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 
7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">搜索</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="回到顶部" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="文档侧边栏" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/">基本概念</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/producer/01concept1">生产者</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/consumer/01concept2">消费者</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist 
menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/deployment/01deploy">部署 &amp; 运维</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/zh/docs/4.x/bestPractice/01bestpractice">最佳实践</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/01bestpractice">基本最佳实践</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/02dledger">Dledger</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/03messagetra">消息轨迹</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/zh/docs/4.x/bestPractice/04access">权限控制</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/05JVMOS">JVM/OS配置</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/06log">日志配置</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/zh/docs/4.x/bestPractice/07subscribe">订阅关系一致</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" 
href="/zh/docs/4.x/bestPractice/08FAQ">常见问题解答</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/parameterConfiguration/01local">参数配置</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/eventbridge/01RocketMQEventBridgeConcepts">RocketMQ EventBridge</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/mqtt/01RocketMQMQTTOverview">RocketMQ MQTT</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/streams/01RocketMQ Streams Overview">RocketMQ Streams</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/connect/01RocketMQ Connect Overview">RocketMQ Connect</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist 
menu__link--sublist-caret" aria-expanded="false" href="/zh/docs/4.x/contributionGuide/01how-to-contribute">贡献指南</a></div></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="页面路径"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="主页面" class="breadcrumbs__link" href="/zh/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">最佳实践</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">权限控制</span><meta itemprop="position" content="2"></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">版本:4.x</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">本页总览</button></div><div class="theme-doc-markdown markdown"><h1>权限控制</h1><h2 class="anchor anchorWithStickyNavbar_LWe7" id="1权限控制特性介绍">1.权限控制特性介绍<a href="#1权限控制特性介绍" class="hash-link" aria-label="1.权限控制特性介绍的直接链接" title="1.权限控制特性介绍的直接链接"></a></h2><p>权限控制(ACL)主要为RocketMQ提供Topic资源级别的用户访问控制。用户在使用RocketMQ权限控制时,可以在Client客户端通过 RPCHook注入AccessKey和SecretKey签名;同时,将对应的权限控制属性(包括Topic访问权限、IP白名单和AccessKey和SecretKey签名等)设置在distribution/conf/plain_acl.yml的配置文件中。Broker端对AccessKey所拥有的权限进行校验,校验不过,抛出异常;
ACL客户端可以参考:<strong>org.apache.rocketmq.example.simple</strong>包下面的<strong>AclClient</strong>代码。</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="2-权限控制的定义与属性值">2. 权限控制的定义与属性值<a href="#2-权限控制的定义与属性值" class="hash-link" aria-label="2. 权限控制的定义与属性值的直接链接" title="2. 权限控制的定义与属性值的直接链接"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="21权限定义">2.1权限定义<a href="#21权限定义" class="hash-link" aria-label="2.1权限定义的直接链接" title="2.1权限定义的直接链接"></a></h3><p>对RocketMQ的Topic资源访问权限控制定义主要如下表所示,分为以下四种</p><table><thead><tr><th>权限</th><th>含义</th></tr></thead><tbody><tr><td>DENY</td><td>拒绝</td></tr><tr><td>ANY</td><td>PUB 或者 SUB 权限</td></tr><tr><td>PUB</td><td>发送权限</td></tr><tr><td>SUB</td><td>订阅权限</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="22-权限定义的关键属性">2.2 权限定义的关键属性<a href="#22-权限定义的关键属性" class="hash-link" aria-label="2.2 权限定义的关键属性的直接链接" title="2.2 权限定义的关键属性的直接链接"></a></h3><table><thead><tr><th>字段</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>globalWhiteRemoteAddresses</td><td>*<!-- -->;192.168.<!-- -->*<!-- -->.<!-- -->*<!-- -->;192.168.0.1</td><td>全局IP白名单</td></tr><tr><td>accessKey</td><td>字符串</td><td>Access Key</td></tr><tr><td>secretKey</td><td>字符串</td><td>Secret Key</td></tr><tr><td>whiteRemoteAddress</td><td>*<!-- -->;192.168.<!-- -->*<!-- -->.<!-- -->*<!-- -->;192.168.0.1</td><td>用户IP白名单</td></tr><tr><td>admin</td><td>true;false</td><td>是否管理员账户</td></tr><tr><td>defaultTopicPerm</td><td>DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>默认的Topic权限</td></tr><tr><td>defaultGroupPerm</td><td>DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>默认的ConsumerGroup权限</td></tr><tr><td>topicPerms</td><td>topic=权限</td><td>各个Topic的权限</td></tr><tr><td>groupPerms</td><td>group=权限</td><td>各个ConsumerGroup的权限</td></tr></tbody></table><p>具体可以参考<strong>distribution/conf/plain_acl.yml</strong>配置文件</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="3-支持权限控制的集群部署">3. 支持权限控制的集群部署<a href="#3-支持权限控制的集群部署" class="hash-link" aria-label="3. 支持权限控制的集群部署的直接链接" title="3. 
支持权限控制的集群部署的直接链接"></a></h2><p><strong>distribution/conf/plain_acl.yml</strong>配置文件中按照上述说明定义好权限属性后,打开<strong>aclEnable</strong>开关变量即可开启RocketMQ集群的ACL特性。这里贴出Broker端开启ACL特性的properties配置文件内容:</p><div class="language-properties codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-properties codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">brokerClusterName=DefaultCluster</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerName=broker-a</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerId=0</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">deleteWhen=04</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">fileReservedTime=48</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerRole=ASYNC_MASTER</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">flushDiskType=ASYNC_FLUSH</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">storePathRootDir=/data/rocketmq/rootdir-a-m</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">storePathCommitLog=/data/rocketmq/commitlog-a-m</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">autoCreateSubscriptionGroup=true</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">## if acl is open,the flag will be true</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">aclEnable=true</span><br></span><span class="token-line" style="color:#393A34"><span class="token 
plain">listenPort=10911</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">brokerIP1=XX.XX.XX.XX1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">namesrvAddr=XX.XX.XX.XX:9876</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="4-权限控制主要流程">4. 权限控制主要流程<a href="#4-权限控制主要流程" class="hash-link" aria-label="4. 权限控制主要流程的直接链接" title="4. 权限控制主要流程的直接链接"></a></h2><p>ACL主要流程分为两部分,主要包括权限解析和权限校验。</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="41-权限解析">4.1 权限解析<a href="#41-权限解析" class="hash-link" aria-label="4.1 权限解析的直接链接" title="4.1 权限解析的直接链接"></a></h3><p>Broker端对客户端的RequestCommand请求进行解析,拿到需要鉴权的属性字段。
主要包括:
(1)AccessKey:类似于用户名,代指用户主体,权限数据与之对应;
(2)Signature:客户根据 SecretKey 签名得到的串,服务端再用SecretKey进行签名验证;</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="42-权限校验">4.2 权限校验<a href="#42-权限校验" class="hash-link" aria-label="4.2 权限校验的直接链接" title="4.2 权限校验的直接链接"></a></h3><p>Broker端对权限的校验逻辑主要分为以下几步:
(1)检查是否命中全局 IP 白名单;如果是,则认为校验通过,不再执行后续的签名校验和权限校验(即白名单内的地址仅凭来源 IP 即可访问,白名单范围应尽量收窄);否则走 2;
(2)检查是否命中用户 IP 白名单;如果是,则认为校验通过,同样不再执行签名校验和权限校验;否则走 3;
(3)校验签名,校验不通过,抛出异常;校验通过,则走 4;
(4)对用户请求所需的权限 和 用户所拥有的权限进行校验;不通过,抛出异常;
用户所需权限的校验需要注意以下内容:
(1)特殊的请求例如 UPDATE_AND_CREATE_TOPIC 等,只能由 admin 账户进行操作;
(2)对于某个资源,如果有显性配置权限,则采用配置的权限;如果没有显性配置权限,则采用默认的权限;</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="5-热加载修改后权限控制定义">5. 热加载修改后权限控制定义<a href="#5-热加载修改后权限控制定义" class="hash-link" aria-label="5. 热加载修改后权限控制定义的直接链接" title="5. 热加载修改后权限控制定义的直接链接"></a></h2><p>RocketMQ的权限控制存储的默认实现是基于yml配置文件。用户可以动态修改权限控制定义的属性,而不需重新启动Broker服务节点。</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="6-权限控制的使用限制">6. 权限控制的使用限制<a href="#6-权限控制的使用限制" class="hash-link" aria-label="6. 权限控制的使用限制的直接链接" title="6. 权限控制的使用限制的直接链接"></a></h2><p>(1)如果ACL与高可用部署(Master/Slave架构)同时启用,那么需要在Broker Master节点的distribution/conf/plain_acl.yml配置文件中
设置全局白名单信息,即为将Slave节点的ip地址设置至Master节点plain_acl.yml配置文件的全局白名单中。</p><p>(2)如果ACL与高可用部署(多副本Dledger架构)同时启用,由于出现节点宕机时,Dledger Group组内会自动选主,那么就需要将Dledger Group组
内所有Broker节点的plain_acl.yml配置文件的白名单设置所有Broker节点的ip地址。</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="7-acl-mqadmin配置管理命令">7. ACL mqadmin配置管理命令<a href="#7-acl-mqadmin配置管理命令" class="hash-link" aria-label="7. ACL mqadmin配置管理命令的直接链接" title="7. ACL mqadmin配置管理命令的直接链接"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="71-更新acl配置文件中account的属性值">7.1 更新ACL配置文件中“account”的属性值<a href="#71-更新acl配置文件中account的属性值" class="hash-link" aria-label="7.1 更新ACL配置文件中“account”的属性值的直接链接" title="7.1 更新ACL配置文件中“account”的属性值的直接链接"></a></h3><p>该命令的示例如下:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin updateAclConfig -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -b </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.12.134:10911 -a RocketMQ -s </span><span class="token number" style="color:#36acaa">1234567809123</span><span class="token plain"> -t </span><span class="token assign-left variable" style="color:#36acaa">topicA</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">DENY,topicD</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">SUB -g </span><span class="token assign-left variable" style="color:#36acaa">groupD</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">DENY,groupB</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">SUB</span><br></span></code></pre><div class="buttonGroup__atx"><button 
type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>说明:如果不存在则会在ACL Config YAML配置文件中创建;若存在,则会更新对应的“accounts”的属性值;
如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。通过参数&quot;s&quot;在命令行中传入的Secret Key会留在shell历史记录中,并可能出现在进程列表里,示例中的取值仅作演示。</p><table><thead><tr><th>参数</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv地址(必填)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>指定集群名称(与broker地址二选一)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>指定broker地址(与集群名称二选一)</td></tr><tr><td>a</td><td>eg:RocketMQ</td><td>Access Key值(必填)</td></tr><tr><td>s</td><td>eg:1234567809123</td><td>Secret Key值(可选)</td></tr><tr><td>m</td><td>eg:true</td><td>是否管理员账户(可选)</td></tr><tr><td>w</td><td>eg:192.168.0.*</td><td>whiteRemoteAddress,用户IP白名单(可选)</td></tr><tr><td>i</td><td>eg:DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>defaultTopicPerm,默认Topic权限(可选)</td></tr><tr><td>u</td><td>eg:DENY;PUB;SUB;PUB<!-- -->|<!-- -->SUB</td><td>defaultGroupPerm,默认ConsumerGroup权限(可选)</td></tr><tr><td>t</td><td>eg:topicA=DENY,topicD=SUB</td><td>topicPerms,各个Topic的权限(可选)</td></tr><tr><td>g</td><td>eg:groupD=DENY,groupB=SUB</td><td>groupPerms,各个ConsumerGroup的权限(可选)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="72-删除acl配置文件里面的对应account">7.2 删除ACL配置文件里面的对应“account”<a href="#72-删除acl配置文件里面的对应account" class="hash-link" aria-label="7.2 删除ACL配置文件里面的对应“account”的直接链接" title="7.2 删除ACL配置文件里面的对应“account”的直接链接"></a></h3><p>该命令的示例如下:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin deleteAccessConfig -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster -a RocketMQ</span><br></span></code></pre><div class="buttonGroup__atx"><button 
type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>说明:如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。
其中,参数&quot;a&quot;为Access Key的值,用以标识唯一账户id,因此该命令的参数中指定账户id即可。</p><table><thead><tr><th>参数</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv地址(必填)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>指定集群名称(与broker地址二选一)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>指定broker地址(与集群名称二选一)</td></tr><tr><td>a</td><td>eg:RocketMQ</td><td>Access Key的值(必填)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="73-更新acl配置文件里面中的全局白名单">7.3 更新ACL配置文件里面中的全局白名单<a href="#73-更新acl配置文件里面中的全局白名单" class="hash-link" aria-label="7.3 更新ACL配置文件里面中的全局白名单的直接链接" title="7.3 更新ACL配置文件里面中的全局白名单的直接链接"></a></h3><p>该命令的示例如下:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin updateGlobalWhiteAddr -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -b </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.12.134:10911 -g </span><span class="token number" style="color:#36acaa">10.10</span><span class="token plain">.154.1,10.10.154.2</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" 
d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>说明:如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。
其中,参数&quot;g&quot;为全局IP白名单的值,用以更新ACL配置文件中的“globalWhiteRemoteAddresses”字段的属性值。</p><table><thead><tr><th>参数</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv地址(必填)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>指定集群名称(与broker地址二选一)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>指定broker地址(与集群名称二选一)</td></tr><tr><td>g</td><td>eg:10.10.154.1,10.10.154.2</td><td>全局IP白名单(必填)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="74-查询集群broker的acl配置文件版本信息">7.4 查询集群/Broker的ACL配置文件版本信息<a href="#74-查询集群broker的acl配置文件版本信息" class="hash-link" aria-label="7.4 查询集群/Broker的ACL配置文件版本信息的直接链接" title="7.4 查询集群/Broker的ACL配置文件版本信息的直接链接"></a></h3><p>该命令的示例如下:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin clusterAclConfigVersion -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" 
d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>说明:如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。</p><table><thead><tr><th>参数</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv地址(必填)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>指定集群名称(与broker地址二选一)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>指定broker地址(与集群名称二选一)</td></tr></tbody></table><h3 class="anchor anchorWithStickyNavbar_LWe7" id="75-查询集群broker的acl配置文件全部内容">7.5 查询集群/Broker的ACL配置文件全部内容<a href="#75-查询集群broker的acl配置文件全部内容" class="hash-link" aria-label="7.5 查询集群/Broker的ACL配置文件全部内容的直接链接" title="7.5 查询集群/Broker的ACL配置文件全部内容的直接链接"></a></h3><p>该命令的示例如下:</p><div class="language-shell codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-shell codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">sh</span><span class="token plain"> mqadmin getAccessConfigSubCommand -n </span><span class="token number" style="color:#36acaa">192.168</span><span class="token plain">.1.2:9876 -c DefaultCluster</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="复制代码到剪贴板" title="复制" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" 
d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>说明:如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。该命令会输出ACL配置文件的全部内容,其中可能包含账号密钥等敏感信息,建议仅在受控的管理环境中执行,并避免将输出保存到共享日志中。</p><table><thead><tr><th>参数</th><th>取值</th><th>含义</th></tr></thead><tbody><tr><td>n</td><td>eg:192.168.1.2:9876</td><td>namesrv地址(必填)</td></tr><tr><td>c</td><td>eg:DefaultCluster</td><td>指定集群名称(与broker地址二选一)</td></tr><tr><td>b</td><td>eg:192.168.12.134:10911</td><td>指定broker地址(与集群名称二选一)</td></tr></tbody></table><p><strong>特别注意:</strong>开启ACL鉴权认证后导致Master/Slave和Dledger模式下Broker同步数据异常的问题,
在社区<!-- -->[4.5.1]<!-- -->版本中已经修复,具体的PR链接为:<a href="https://github.com/apache/rocketmq/pull/1149" target="_blank" rel="noopener noreferrer">https://github.com/apache/rocketmq/pull/1149</a>。</p></div></article></div></div></div></div></main></div></div></div>
<script src="/zh/assets/js/runtime~main.b17b65ca.js"></script>
<script src="/zh/assets/js/main.46e74ac2.js"></script>
</body>
</html>