Add a Permission

Permissions define the actions that authenticated MQTT clients are authorized to perform. For more information, see Permissions.

The HiveMQ Platform caches permissions for 5 minutes. Changes to a permission take up to 5 minutes to become active.

To open permission settings, follow the steps in Configure Access Management, then switch to Access Management.

The way a permission applies to a credential differs by plan. On the Serverless plan, a permission applies directly to a credential. On the Starter plan, a permission applies to a credential only after you add it to a role. For more information, see Add a Custom Role.

Serverless Plan

The Serverless plan includes default permissions.
  1. In Authorization > Permissions, click Add New.

  2. In Name, type a unique name.

  3. In Description, type a description of what access this permission allows.

  4. In Topic Filter, type a topic filter.

  5. In Permission Type, select Publish Only, Subscribe Only, or Publish and Subscribe.

  6. Click Add.

The permission name, description, and configuration appear in Permissions.

Starter Plan

The Starter plan includes no permissions by default.
  1. In Authorization > Permissions, click Add New.

    If permissions already exist, click Add Permission instead.

  2. In Name, type a unique name.

  3. In Description, type a description of what access this permission allows.

  4. In Topic Filter, type a topic filter.

    The Starter plan supports dynamic variables in MQTT topics to customize access based on the authentication method you use. MQTT special characters such as # (multi-level wildcard) and + have unique functions in topic filters. For more information, see MQTT Topics, Wildcards, and Best Practices.
  5. In Publish/Subscribe, activate or deactivate each option.

  6. In QoS Levels, de-select any Quality of Service levels not required for this permission.

  7. In Advanced Options, activate or deactivate Retained Messages and Shared Subscriptions.

  8. Click Add.

The permission name, description, and configuration appear in Permissions. Add the permission to a role to assign it to a credential, client certificate, or JWT.