Not authorized to publish on topic

Hi,
I’m getting the message below. My understanding is whether the client is writing from the particular topic for which it is not permitted to? I’m not sure why I see this. Can someone please explain why it is not authorized to publish?

Client ID: abcdefghijk, IP: 10.1.2.193 was disconnected. reason: Not authorized to publish on topic ‘sp/sampletopic’ with QoS ‘0’ and retain ‘false’.

Any help is much appreciated.

Hi @Shaku,

with this sparse information it’s hard to help.
Can you please share with us what extension you use for authorization and what the config of the extension looks like.

Greetings,
Michael from the HiveMQ team

We use security extension for authorization and here is the configuration for the extension.

[image]

Can you share the access.log? This is where the security extension saves all its information regarding authn/authz:

2022-10-02 06:59:42,402 UTC - authentication-succeeded - Client succeeded authentication: ID Ot8Ebk0vm0cI1mT, IP 10.254.130.193.
2022-10-02 06:59:42,489 UTC - authorization-succeeded - Client succeeded authorization: ID Ot8Ebk0vm0cI1mT, IP 10.254.130.193, permissions [Permission{topicFilter='#', qos=[0, 1, 2], activity=[publish, subscribe], retainedPublishAllowed=false, sharedSubscribeAllowed=false, sharedGroup='', from='sepp'}].

To be more specific I only need the permissions part from the client you mentioned above, from this we can find out if your client has the correct permissions set that it can publish to topic “sp/sampletopic”:

permissions [Permission{topicFilter='#', qos=[0, 1, 2], activity=[publish, subscribe], retainedPublishAllowed=false, sharedSubscribeAllowed=false, sharedGroup='', from='sepp'}].

You find the access.log in the log folder:
[Screenshot: Bildschirmfoto 2022-10-04 um 09.48.43]

Greetings,
Michael

Attached the access.log part as you mentioned

The issue lies here:
[Screenshot: Bildschirmfoto 2022-10-04 um 10.18.31]

The client doesn’t have any rights to publish, it can only subscribe. In the “from” attribute you can see that the permission came from “mqtt-read-only” (which by name suggests only gives subscribe rights).

The solution is to give the client also publish rights => activity=[publish, subscribe],

Greetings,
Michael
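
The check walked through in this thread, as an added example (not part of the original posts and not HiveMQ code): it parses the `Permission{...}` entries from an access.log line and reports why a publish would be refused. It assumes a publish is allowed as soon as any one listed permission covers it, which is a simplification; the function names and the `READ_ONLY` sample line are constructed for illustration.

```python
import re
# Field layout copied from the Permission{...} entries quoted in this thread.
PERMISSION_RE = re.compile(
    r"Permission\{topicFilter='(?P<filter>[^']*)', qos=\[(?P<qos>[^\]]*)\], "
    r"activity=\[(?P<activity>[^\]]*)\], retainedPublishAllowed=(?P<retain>true|false), "
    r"sharedSubscribeAllowed=(?:true|false), sharedGroup='[^']*', from='(?P<source>[^']*)'\}"
)

def parse_permissions(log_line):  # one dict per Permission{...} entry on the line
    return [{
        "filter": m["filter"],
        "qos": {int(q) for q in m["qos"].split(",") if q.strip()},
        "activity": {a.strip() for a in m["activity"].split(",") if a.strip()},
        "retain": m["retain"] == "true",
        "source": m["source"],
    } for m in PERMISSION_RE.finditer(log_line)]

def topic_matches(topic_filter, topic):  # '+' = one level, '#' = all remaining levels
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False  # leading wildcards never match $-prefixed topics
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels) or level not in ("+", t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def publish_denial_reasons(permissions, topic, qos, retain):
    """Return [] if some permission allows the publish, else why each one does not."""
    reasons = []
    for p in permissions:
        label = f"'{p['filter']}' from '{p['source']}'"
        if not topic_matches(p["filter"], topic):
            reasons.append(f"{label}: filter does not match topic")
        elif "publish" not in p["activity"]:
            reasons.append(f"{label}: activity lacks publish")
        elif qos not in p["qos"]:
            reasons.append(f"{label}: QoS {qos} not permitted")
        elif retain and not p["retain"]:
            reasons.append(f"{label}: retained publish not allowed")
        else:
            return []
    return reasons or ["no permissions granted"]

# Constructed sample: the failing client's real line was only posted as a screenshot.
READ_ONLY = ("permissions [Permission{topicFilter='#', qos=[0, 1, 2], activity=[subscribe], "
             "retainedPublishAllowed=false, sharedSubscribeAllowed=false, sharedGroup='', "
             "from='mqtt-read-only'}].")
```

Calling `publish_denial_reasons(parse_permissions(READ_ONLY), "sp/sampletopic", 0, False)` reports the missing publish activity, while the `from='sepp'` line quoted earlier in the thread yields an empty list for the same publish.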
