Permissions

Permissions are the individual rules that define which MQTT topics a client can publish to or subscribe to.

Each permission specifies:

  • A topic filter: the topic or topic pattern the rule applies to

  • An action: publish, subscribe, or both

  • An effect: allow or deny

The broker evaluates permissions on every publish and subscribe request from a connected client.

Topic Filters in Permissions

Topic filters in permissions follow the same wildcard syntax as MQTT subscriptions:

  • ` matches a single level in the topic hierarchy. For example, `sensors//temperature matches sensors/room1/temperature and sensors/room2/temperature.

  • matches all remaining levels. For example, sensors/ matches all topics under sensors/.

Use specific topic filters to limit client access to only the topics each client needs. Overly broad filters, such as #, grant access to all topics on the broker.

HiveMQ Platform

Assign permissions to clients directly or through roles. For role-based assignment, see Role-Based Access Control.

For the broader access management context, see Access Management.