Can anyone kindly help me with ACL configuration of HiveMQ community/enterprise edition where we can restrict based on client IDs?
I tested a few configurations using the file-rbac-extension, but it just supports defining users and roles and mapping the roles to those users.
There isn’t a way to map the roles to specific clientIDs. For example, for clientIDs matching the regex ^abc-client, I need to control publish and subscribe. How can I do this?
Hello @Daria_H,
Thank you for the prompt response.
I understand the configuration provided helps to get the connected clientID and use that in the topic restriction, which I have already done. But this doesn’t address my requirement/issue.
I have the below set of permissions defined for a role,
Now, how can I map this role to only a set of clientIDs which fall under a regex pattern, say ^abc-client? Meaning, only the clientIDs which start with abc-client would get this permission/role; other clientIDs shouldn’t get this role/permission even if they use the same username/password.
To restrict permissions based on specific client IDs, you can use the HiveMQ File RBAC Extension’s substitution feature. The special markers ${{clientid}} and ${{username}} in the topic filter for a permission are automatically replaced by the extension with the client identifier and username of the client for which authorization is performed: HiveMQ File RBAC Extension - Substitution.
If you have any further questions or need assistance, please don’t hesitate to reach out!
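A small Python model of the substitution described in the answer above, added here as an illustration and not taken from the thread or from the extension's code. The role's topic filters, the `devices/...` topic layout and the client names are constructed, and refusing client IDs that contain `/`, `+` or `#` is a precaution of this model, not documented extension behaviour.

```python
# Model of the ${{clientid}} / ${{username}} substitution followed by MQTT
# topic-filter matching. Illustrative only; not the extension's code.

ROLE_PERMISSIONS = [  # constructed sample role: (topic filter, activity)
    ("devices/${{clientid}}/telemetry/#", "PUB"),
    ("devices/${{clientid}}/commands/+", "SUB"),
]

def substitute(topic_filter, client_id, username):
    """Replace the two markers with the connecting client's values."""
    return (topic_filter.replace("${{clientid}}", client_id)
                        .replace("${{username}}", username))

def topic_matches(topic_filter, topic):
    """MQTT matching: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False  # wildcards never match $-prefixed topics at level one
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is only valid as last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def is_allowed(client_id, username, activity, topic,
               permissions=ROLE_PERMISSIONS):
    """True if any permission of the role covers this activity and topic."""
    # Assumption of this model: refuse identifiers containing topic
    # metacharacters so a substituted value cannot alter the filter's shape.
    if any(ch in client_id for ch in "/+#"):
        return False
    return any(
        act in (activity, "ALL")
        and topic_matches(substitute(filt, client_id, username), topic)
        for filt, act in permissions
    )

if __name__ == "__main__":
    for cid in ("abc-client-01", "other-client"):
        for target in ("abc-client-01", "other-client"):
            topic = f"devices/{target}/telemetry/temp"
            print(cid, "PUB", topic, "->",
                  is_allowed(cid, "shared-user", "PUB", topic))
```

In this model both clients are authorised through the same role, and each is confined to its own `devices/<clientid>/` subtree.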