eclipse / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

Does single hash '#' still work in ACL #3070

Closed Schroeder-Chung closed 3 months ago

Schroeder-Chung commented 3 months ago

Hi,

I have a process that needs to subscribe to all device topics to check internal rules and publish the topics back to the devices or the server if needed. To allow the process to read/write all topics, I added the user rules below to the ACL:

user S1_LCC
topic readwrite #

But the process cannot PUBLISH the topics successfully. The Mosquitto log shows "Denied PUBLISH from xxxx". I tried changing the topic from '#' to '$aws/#' (I bridged Mosquitto to AWS IoT), and the process could publish the topics successfully. I then tried changing it to "+/#", but Mosquitto shows an invalid topic error. I googled and some online documents show that the single hash works (e.g. https://blog.jaimyn.dev/mqtt-use-acls-multiple-user-accounts/).

So I am confused about whether a single hash is valid in the ACL, or whether this feature has been removed in newer versions. If my topic syntax is incorrect, please correct me.

I tried this on Mosquitto 2.0.10 and 2.0.18, and both versions fail. The platform is an embedded Linux Yocto build running on an NXP i.MX7 custom board.

Thank you very much for the advice.

ckrey commented 3 months ago

Topic wildcards # still work, but # does not include topics beginning with a $ sign. This is why topic readwrite $aws/# allows access, but # doesn't.

It is not recommended to use topics beginning with a $ sign: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901246
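The matching rule described in the reply above, as an added example that is not part of the thread and is not Mosquitto's own code: a simplified topic-filter matcher that applies the `$` rule (MQTT spec section 4.7.2), evaluated against the ACL before and after adding `$aws/#`. The function names and the sample topic names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified MQTT filter matcher (illustration only, not Mosquitto's code).
 * Assumes filter and topic are already well-formed. */
bool topic_matches(const char *filter, const char *topic)
{
    /* A filter that starts with a wildcard never matches a topic
     * name that starts with '$'. */
    if (topic[0] == '$' && (filter[0] == '#' || filter[0] == '+'))
        return false;
    while (*filter) {
        if (*filter == '#')
            return true;                      /* matches all remaining levels */
        if (*filter == '+') {
            while (*topic && *topic != '/') topic++;   /* consume one level */
            filter++;
        } else if (*filter == *topic) {
            filter++; topic++;
        } else {
            /* "a/#" also matches the parent level "a" */
            return *topic == '\0' && strcmp(filter, "/#") == 0;
        }
    }
    return *topic == '\0';
}

/* Patterns for user S1_LCC as in the thread: the original rule alone,
 * then with the explicit $aws/# rule that made PUBLISH succeed. */
static const char *acl_before[] = { "#" };
static const char *acl_after[]  = { "#", "$aws/#" };

bool acl_allows(const char **patterns, size_t n, const char *topic)
{
    for (size_t i = 0; i < n; i++)
        if (topic_matches(patterns[i], topic))
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample topics. */
    const char *topics[] = { "devices/d1/state", "$aws/things/d1/shadow/update" };
    for (size_t i = 0; i < 2; i++)
        printf("%-30s before=%d after=%d\n", topics[i],
               acl_allows(acl_before, 1, topics[i]), acl_allows(acl_after, 2, topics[i]));
    return 0;
}
```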

Schroeder-Chung commented 3 months ago

Hello @ckrey

Understood. Thank you very much for your explanation and for sharing the document.