ajazam / MQTTBroker

Apache License 2.0

ACL #7

Open ajazam opened 1 year ago

ajazam commented 1 year ago

An Access Control List system is required to allow MQTT clients to only PUBLISH and SUBSCRIBE to topics if the packets pass the ACL.

If there are no ACLs for a client then an implicit deny is enforced for both PUBLISH and SUBSCRIBE packets. The ACL will have the following format:

PUBLISH sensor/1234/# ALLOW

PUBLISH sensor/1236/# ALLOW

SUBSCRIBE sensor/# ALLOW

PUBLISH sensor/1234/# DENY

The DENYs overrule all permissions irrespective of their position in the ACL.

PUBLISH sensor/1234/2 will be denied because there is an explicit DENY (PUBLISH sensor/1234/# DENY), even though there is an explicit ALLOW (PUBLISH sensor/1234/# ALLOW).

A client can subscribe to SUBSCRIBE # and will only get packets for topics which pass the ACL.
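An added reference implementation of the semantics proposed in this issue (not code from the MQTTBroker repository): rules are parsed from the line format above, a topic is matched against the filter with MQTT `+`/`#` wildcard rules, no matching rule means implicit deny, and any matching DENY overrides every ALLOW regardless of order. The ACL text and topics are constructed for the example.

```python
from dataclasses import dataclass

# Constructed ACL in the issue's format, one rule per line: <ACTION> <topic filter> <ALLOW|DENY>
ACL_TEXT = """
PUBLISH sensor/1234/# ALLOW
PUBLISH sensor/1236/# ALLOW
SUBSCRIBE sensor/# ALLOW
PUBLISH sensor/1234/# DENY
"""

@dataclass(frozen=True)
class Rule:
    action: str        # "PUBLISH" or "SUBSCRIBE"
    topic_filter: str  # MQTT topic filter, may contain '+' and a trailing '#'
    decision: str      # "ALLOW" or "DENY"

def parse_acl(text):
    """Parse ACL lines; reject anything malformed rather than silently ignoring it."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3 or parts[0] not in ("PUBLISH", "SUBSCRIBE") or parts[2] not in ("ALLOW", "DENY"):
            raise ValueError(f"malformed ACL rule: {line!r}")
        rules.append(Rule(parts[0], parts[1], parts[2]))
    return rules

def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' matches exactly one level, '#' (final level only) matches the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1   # '#' is only valid as the last level
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def is_allowed(rules, action, topic):
    """Implicit deny when nothing matches; a matching DENY wins over any ALLOW, whatever its position."""
    matching = [r for r in rules if r.action == action and topic_matches(r.topic_filter, topic)]
    if not matching:
        return False
    return all(r.decision == "ALLOW" for r in matching)

def deliverable(rules, topics):
    """Of the messages a '#' subscriber would see, keep only those whose topic passes the SUBSCRIBE ACL."""
    return [t for t in topics if is_allowed(rules, "SUBSCRIBE", t)]
```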

ajazam commented 1 year ago

Any changes in the ACLs for a particular MQTT client need to be enforced by the broker as soon as the changes are applied.