You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/12/23 09:13:09 UTC
[GitHub] [rocketmq-site] mxsm commented on a diff in pull request #403: [ISSUE #292]Translation for "Best Practices-权限控制" Section in the v4.x & 5.0 Document (CN -> EN)
mxsm commented on code in PR #403:
URL: https://github.com/apache/rocketmq-site/pull/403#discussion_r1056166461
##########
i18n/en/docusaurus-plugin-content-docs/current/05-bestPractice/18access.md:
##########
@@ -1,38 +1,48 @@
-# 权限控制
-
-## 1.权限控制特性介绍
-权限控制(ACL)主要为RocketMQ提供Topic资源级别的用户访问控制。用户在使用RocketMQ权限控制时,可以在Client客户端通过 RPCHook注入AccessKey和SecretKey签名;同时,将对应的权限控制属性(包括Topic访问权限、IP白名单和AccessKey和SecretKey签名等)设置在distribution/conf/plain_acl.yml的配置文件中。Broker端对AccessKey所拥有的权限进行校验,校验不过,抛出异常;
-ACL客户端可以参考:**org.apache.rocketmq.example.simple**包下面的**AclClient**代码。
-
-## 2. 权限控制的定义与属性值
-### 2.1权限定义
-对RocketMQ的Topic资源访问权限控制定义主要如下表所示,分为以下四种
-
-
-| 权限 | 含义 |
-| --- | --- |
-| DENY | 拒绝 |
-| ANY | PUB 或者 SUB 权限 |
-| PUB | 发送权限 |
-| SUB | 订阅权限 |
-
-### 2.2 权限定义的关键属性
-| 字段 | 取值 | 含义 |
-| --- | --- | --- |
-| globalWhiteRemoteAddresses | \*;192.168.\*.\*;192.168.0.1 | 全局IP白名单 |
-| accessKey | 字符串 | Access Key |
-| secretKey | 字符串 | Secret Key |
-| whiteRemoteAddress | \*;192.168.\*.\*;192.168.0.1 | 用户IP白名单 |
-| admin | true;false | 是否管理员账户 |
-| defaultTopicPerm | DENY;PUB;SUB;PUB\|SUB | 默认的Topic权限 |
-| defaultGroupPerm | DENY;PUB;SUB;PUB\|SUB | 默认的ConsumerGroup权限 |
-| topicPerms | topic=权限 | 各个Topic的权限 |
-| groupPerms | group=权限 | 各个ConsumerGroup的权限 |
-
-具体可以参考**distribution/conf/plain_acl.yml**配置文件
-
-## 3. 支持权限控制的集群部署
-在**distribution/conf/plain_acl.yml**配置文件中按照上述说明定义好权限属性后,打开**aclEnable**开关变量即可开启RocketMQ集群的ACL特性。这里贴出Broker端开启ACL特性的properties配置文件内容:
+# Permission control
+
+## 1. Introduction to permission control features
+
+Permission control (ACL) mainly provides advanced access control functions at the Topic resource level for RocketMQ. When using RocketMQ permission control, users can inject user name and password parameters into the Client client to achieve signature, and the server can implement permission management and verification of various resources through permission control parameters.
Review Comment:
@tsunghanjacktsai got it, i will fix it later
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org