Authorization
Authorization determines what an authenticated MQTT client can do on a broker.
After the broker authenticates a client, it enforces authorization rules for every publish and subscribe operation the client attempts. The broker rejects any operation that the client’s authorization configuration does not permit.
Authorization operates independently of authentication. A client can authenticate successfully and still lack authorization for specific topics.
What Authorization Controls
Authorization rules specify:
-
Which topics a client can publish to
-
Which topics a client can subscribe to
-
Whether those permissions apply to specific topic strings or topic filter patterns
The broker evaluates authorization rules on every message and subscription request.
HiveMQ Platform
Configure authorization as part of the access management settings for each broker. Authorization rules work together with Permissions to define the full scope of client access.
For more information about the authentication step that precedes authorization, see Authentication.