Access Management

Access management in the HiveMQ Platform applies to two separate areas: platform user access and MQTT client access.

HiveMQ Platform User Access

Platform user access controls what team members can do in the HiveMQ Platform interface.

For HiveMQ Platform user roles (Owner, Admin, Viewer), see Organization.

MQTT Client Access

MQTT client access controls which MQTT clients connect to your brokers and what those clients can do. The HiveMQ Platform supports MQTT client access management at the broker level. Each broker enforces its own access management configuration.

Access management options for HiveMQ Cloud brokers differ for each cloud subscription plan. For more details, see Access Management Options by Cloud Subscription Plan.

Access management has three components:

  • Authentication: Verifies the identity of a client before the broker allows connection.

  • Authorization: Determines what an authenticated client can do.

  • Permissions: Define the specific topics a client can publish to or subscribe to.

Use access management to:

  • Restrict broker access to known, trusted devices

  • Prevent unauthorized clients from publishing or subscribing to sensitive topics

  • Separate data flows between different devices or applications

Configure Access Management by Broker Type

The steps to configure access management depend on your broker type.

For a HiveMQ Cloud broker, configure access management from the HiveMQ Platform interface. See Configure Access Management.

HiveMQ Software brokers handle authentication and authorization through security extensions. For more information, see the HiveMQ user guide: Authentication and Authorization.