To maintain proper security control over publishing and subscribing to topics, you need to define access control list rules.
- For a regular topic filter, specify one access control list (ACL) rule with groups of publishers, subscribers, or both.

  For example:

  | Topic filter | Publishers | Subscribers |
  | --- | --- | --- |
  | company/model/year | Pub1 | Sub1 |

  Here the topic filter represents the following topic: `company/model/year`. The ACL rule authorizes any devices and users with the `Pub1` authorization group to publish to the topic. It also authorizes any devices and users with the `Sub1` authorization group to subscribe to this topic.

- For a user or device identity topic filter, specify two ACL rules with groups of publishers and subscribers defined separately in each rule. This way, you give access to the topic not only to devices or users with specific identifiers but also to groups of devices and users belonging to a specific authorization group. See Identity topic filters guidelines.

  For example:

  | Topic filter | Publishers | Subscribers |
  | --- | --- | --- |
  | company/model/%u | Empty | * |
  | company/model/+ | Pub1 | Empty |

  Here the topic filter may represent the following topic: `company/model/ABC123`. The first ACL rule authorizes any user with the `ABC123` user identifier to subscribe to the topic. The second ACL rule authorizes any user with the `Pub1` authorization group to publish to this topic.

  | Topic filter | Publishers | Subscribers |
  | --- | --- | --- |
  | company/%c/model | Pub1 | Empty |
  | company/+/model | Empty | Sub1 |

  Here the topic filter may represent the following topic: `company/CDE123/model`. The first ACL rule authorizes any device with the `Pub1` authorization group and the `CDE123` client identifier to publish to the topic. The second ACL rule authorizes any device with the `Sub1` authorization group to subscribe to this topic.
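The rules in the tables above can be checked against concrete requests with a small model. This is an added example, not the product's own implementation: the names `Rule`, `Client`, `filter_matches` and `is_authorized` are hypothetical, and it assumes that "Empty" means nobody, `*` means any authorization group, and the first matching grant wins with default deny. Only `+`, `%u` and `%c` are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    topic_filter: str
    publishers: frozenset   # frozenset() models "Empty", {"*"} models "*"
    subscribers: frozenset

@dataclass(frozen=True)
class Client:
    groups: frozenset = frozenset()
    user_id: str = ""
    client_id: str = ""

# The rules from the tables above.
RULES = [
    Rule("company/model/year", frozenset({"Pub1"}), frozenset({"Sub1"})),
    Rule("company/model/%u", frozenset(), frozenset({"*"})),
    Rule("company/model/+", frozenset({"Pub1"}), frozenset()),
    Rule("company/%c/model", frozenset({"Pub1"}), frozenset()),
    Rule("company/+/model", frozenset(), frozenset({"Sub1"})),
]

def filter_matches(topic_filter, topic, client):
    """Level-by-level match; %u and %c become the requester's own identifiers."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if len(f_levels) != len(t_levels) or "#" in t_levels:
        return False  # "#" is not modelled here, so a request using it is denied
    for f, t in zip(f_levels, t_levels):
        if f == "+":
            continue
        if f in ("%u", "%c"):
            f = client.user_id if f == "%u" else client.client_id
            # An empty identifier, or one with topic metacharacters, never matches.
            if not f or set(f) & set("/+#"):
                return False
        if f != t:
            return False
    return True

def is_authorized(rules, client, action, topic):
    """Default deny: a rule must match the topic and list a client group or "*"."""
    for rule in rules:
        allowed = {"publish": rule.publishers, "subscribe": rule.subscribers}[action]
        if filter_matches(rule.topic_filter, topic, client) and (
            "*" in allowed or allowed & client.groups
        ):
            return True
    return False
```

In this model, a user who requests a subscription to `company/model/+` is denied by the `%u` rule, because the wildcard level is compared literally against the user's own identifier.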