To maintain proper security control over publishing and subscribing to topics, you need to define access control list rules.

  • For a regular topic filter, specify one access control list (ACL) rule with groups of publishers, subscribers, or both.

    For example:

    | Topic filter       | Publishers | Subscribers |
    |--------------------|------------|-------------|
    | company/model/year | Pub1       | Sub1        |

    Here the topic filter represents the following topic: company/model/year. The ACL rule authorizes any devices and users with the Pub1 authorization group to publish to the topic. It also authorizes any devices and users with the Sub1 authorization group to subscribe to this topic.

  • For a user or device identity topic filter, specify two ACL rules with groups of publishers and subscribers defined separately in each rule. This way, you give access to the topic not only to devices or users with specific identifiers but also to groups of devices and users belonging to a specific authorization group. See Identity topic filters guidelines.

    For example:

    | Topic filter     | Publishers | Subscribers |
    |------------------|------------|-------------|
    | company/model/%u | Empty      | *           |
    | company/model/+  | Pub1       | Empty       |

    Here the topic filter may represent the following topic: company/model/ABC123. The first ACL rule authorizes any user with the ABC123 user identifier to subscribe to the topic. The second ACL rule authorizes any user with the Pub1 authorization group to publish to this topic.

    | Topic filter     | Publishers | Subscribers |
    |------------------|------------|-------------|
    | company/%c/model | Pub1       | Empty       |
    | company/+/model  | Empty      | Sub1        |

    Here the topic filter may represent the following topic: company/CDE123/model. The first ACL rule authorizes any device with the Pub1 authorization group and the CDE123 client identifier to publish to the topic. The second ACL rule authorizes any device with the Sub1 authorization group to subscribe to this topic.
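
The three rule tables above can be checked with a small default-deny evaluator. This is an added example, not the product's own code. It assumes that `+` matches exactly one topic level, that `%u` and `%c` resolve to the caller's own user and client identifier, that `Empty` grants nobody and `*` grants everybody. The `Client` class, the function names and the sample clients are hypothetical, and only concrete topic names are checked.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Client:
    user_id: str
    client_id: str
    groups: frozenset = frozenset()

# (topic filter, publishers, subscribers), copied from the tables above.
RULES = [
    ("company/model/year", "Pub1", "Sub1"),
    ("company/model/%u", "Empty", "*"),
    ("company/model/+", "Pub1", "Empty"),
    ("company/%c/model", "Pub1", "Empty"),
    ("company/+/model", "Empty", "Sub1"),
]

def filter_matches(topic_filter, topic, client):
    """Level-by-level match; %u / %c resolve to the caller's own identity."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if len(f_levels) != len(t_levels):
        return False
    for f, t in zip(f_levels, t_levels):
        if f == "+":                      # single-level wildcard (assumed)
            continue
        if f in ("%u", "%c"):
            ident = client.user_id if f == "%u" else client.client_id
            if not ident or ident != t:   # an empty identity never matches
                return False
        elif f != t:
            return False
    return True

def group_allows(entry, client):
    """Assumed semantics: "Empty" grants nobody, "*" grants everybody."""
    return entry != "Empty" and (entry == "*" or entry in client.groups)

def is_allowed(rules, client, action, topic):
    if action not in ("publish", "subscribe"):
        raise ValueError(f"unknown action: {action}")
    for topic_filter, publishers, subscribers in rules:
        entry = publishers if action == "publish" else subscribers
        if filter_matches(topic_filter, topic, client) and group_allows(entry, client):
            return True
    return False                          # no matching rule: deny

# Constructed sample clients (not from the original page).
user_abc = Client("ABC123", "dev-1")
device_cde = Client("svc", "CDE123", frozenset({"Pub1"}))
```

With these rules, a Pub1 member can publish to company/CDE123/model only when its own client identifier is CDE123, because `%c` is resolved per caller and the `+` rule for that filter grants subscribing only.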