Skip to content

[ISSUE #10498] Update ACL documentation to include required 5.x properties #10499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
SummCoder wants to merge 1 commit into
base: develop
Choose a base branch
from
+16 −2
Open

[ISSUE #10498] Update ACL documentation to include required 5.x properties #10499

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion docs/cn/acl/user_guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ ACL客户端可以参考:**org.apache.rocketmq.example.simple**包下面的**A
具体可以参考**distribution/conf/plain_acl.yml**配置文件

## 3. 支持权限控制的集群部署
在**distribution/conf/plain_acl.yml**配置文件中按照上述说明定义好权限属性后,打开**aclEnable**开关变量即可开启RocketMQ集群的ACL特性。这里贴出Broker端开启ACL特性的properties配置文件内容:
在**distribution/conf/plain_acl.yml**配置文件中按照上述说明定义好权限属性后,在Broker配置文件中设置以下属性即可开启RocketMQ集群的ACL特性:

```
brokerClusterName=DefaultCluster
brokerName=broker-a
Expand All @@ -48,6 +49,12 @@ storePathCommitLog=/data/rocketmq/commitlog-a-m
autoCreateSubscriptionGroup=true
## if acl is open,the flag will be true
aclEnable=true
## RocketMQ 5.x 需要额外配置以下ACL属性
authenticationEnabled=true
authorizationEnabled=true
migrateAuthFromV1Enabled=true

@majialoong majialoong Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think migrateAuthFromV1Enabled is not necessary here, since it is only required when migrating from ACL v1 to ACL v2.

@RongtongJin RongtongJin Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think migrateAuthFromV1Enabled=true should be documented as part of the baseline 5.x ACL setup. It is specifically for migrating v1 plain_acl.yml data into the new auth model. Please move it into a migration note instead of the default configuration block.

authenticationMetadataProvider=org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider
authorizationMetadataProvider=org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
listenPort=10911

@majialoong majialoong Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should also add the default authentication and authorization providers here for completeness:

authenticationProvider=org.apache.rocketmq.auth.authentication.provider.DefaultAuthenticationProvider
authorizationProvider=org.apache.rocketmq.auth.authorization.provider.DefaultAuthorizationProvider

@RongtongJin RongtongJin Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the default authentication/authorization providers are part of the effective setup, please document them explicitly or explain that they are defaulted by code. Otherwise users may copy an incomplete config and still be unclear about the provider chain.

brokerIP1=XX.XX.XX.XX1
namesrvAddr=XX.XX.XX.XX:9876
Expand Down
9 changes: 8 additions & 1 deletion docs/en/acl/Operations_ACL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@ The definition of Topic resource access control for RocketMQ is mainly as shown
For details, please refer to the **distribution/conf/plain_acl.yml** configuration file.

## 3. Cluster deployment with permission control
After defining the permission attribute in the **distribution/conf/plain_acl.yml** configuration file as described above, open the **aclEnable** switch variable to enable the ACL feature of the RocketMQ cluster.The configuration file of the ACL feature enabled on the broker is as follows:
After defining the permission attribute in the **distribution/conf/plain_acl.yml** configuration file as described above, enable the ACL feature by setting the following properties in the broker configuration file:

```properties
brokerClusterName=DefaultCluster
brokerName=broker-a
Expand All @@ -47,6 +48,12 @@ storePathCommitLog=/data/rocketmq/commitlog-a-m
autoCreateSubscriptionGroup=true
## if acl is open,the flag will be true
aclEnable=true
## RocketMQ 5.x requires the following additional ACL properties
authenticationEnabled=true
authorizationEnabled=true
migrateAuthFromV1Enabled=true

@majialoong majialoong Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto.

@RongtongJin RongtongJin Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as the Chinese doc: migrateAuthFromV1Enabled=true should not be presented as a general required setting. Please document it only for v1 ACL migration scenarios.

authenticationMetadataProvider=org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider
authorizationMetadataProvider=org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
listenPort=10911
brokerIP1=XX.XX.XX.XX1
namesrvAddr=XX.XX.XX.XX:9876
Expand Down
Loading