Add a Permission
Permissions define the actions that authenticated MQTT clients are authorized to perform. For more information, see Permissions.
| The HiveMQ Platform caches permissions for 5 minutes. Changes to a permission take up to 5 minutes to become active. |
To open permission settings, follow the steps in Configure Access Management, then switch to Access Management.
The way a permission applies to a credential differs by plan. On the Serverless plan, a permission applies directly to a credential. On the Starter plan, a permission applies to a credential only after you add it to a role. For more information, see Add a Custom Role.
Serverless Plan
| The Serverless plan includes default permissions. |
-
In Authorization > Permissions, click Add New.
-
In Name, type a unique name.
-
In Description, type a description of what access this permission allows.
-
In Topic Filter, type a topic filter.
-
In Permission Type, select Publish Only, Subscribe Only, or Publish and Subscribe.
-
Click Add.
The permission name, description, and configuration appear in Permissions.
Starter Plan
| The Starter plan includes no permissions by default. |
-
In Authorization > Permissions, click Add New.
If permissions already exist, click Add Permission instead.
-
In Name, type a unique name.
-
In Description, type a description of what access this permission allows.
-
In Topic Filter, type a topic filter.
The Starter plan supports dynamic variables in MQTT topics to customize access based on the authentication method you use. MQTT special characters such as #(multi-level wildcard) and+have unique functions in topic filters. For more information, see MQTT Topics, Wildcards, and Best Practices. -
In Publish/Subscribe, activate or deactivate each option.
-
In QoS Levels, de-select any Quality of Service levels not required for this permission.
-
In Advanced Options, activate or deactivate Retained Messages and Shared Subscriptions.
-
Click Add.
The permission name, description, and configuration appear in Permissions. Add the permission to a role to assign it to a credential, client certificate, or JWT.