Hi Everyone, I’m trying to configure RBAC to work with Sparkplug and Ignition MQTT Modules.
I have a user called engine1 which is the primary host (subscriber) to Sparkplug which has full read/write capabilities using the admin role. engine1 user doesn’t have any issues.
I have a user called tx1 which is the transmitter (publisher) and has access to any topics that start with spBv1.0 with the tx1 role. This would include the spBv1.0/STATE, and spBv1.0/GroupID/EdgeID/DeviceID topics utilized in Sparkplug.
tx1 user only works when it is set with the admin role and fails when set to tx1 role.
When I do set tx1 to admin and monitor all topics using MQTT Explorer, I can see all topics published by Ignition are within spBv1.0/#.
Surely this has happened to other users? Or it’s a known issue with RBAC and everyone uses ESE?
Including ${{username}} or ${{clientid}} in the permissions topic doesn’t help me.
Once this hurdle is crossed, I do want to create further restrictions on tx1 to say spBv1.0/STATE and spBv1.0/GroupID/#
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
    <users>
        <user>
            <name>engine1</name>
            <password>pass</password>
            <roles>
                <id>admin</id>
            </roles>
        </user>
        <user>
            <name>tx1</name>
            <password>pass</password>
            <roles>
                <id>tx1</id>
            </roles>
        </user>
    </users>
    <roles>
        <role>
            <id>admin</id>
            <permissions>
                <permission>
                    <topic>#</topic>
                </permission>
            </permissions>
        </role>
        <role>
            <id>tx1</id>
            <permissions>
                <permission>
                    <topic>spBv1.0/#</topic>
                </permission>
            </permissions>
        </role>
    </roles>
</file-rbac>
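
An added example, not part of the original post and not the RBAC extension's own code: a Python check of which topic names each role's filters cover under standard MQTT wildcard matching. The `tx1-tight` role and the sample topic names (`host1`, `NBIRTH`, `DDATA`, `other/topic`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles from the posted config, plus a hypothetical "tx1-tight" role (constructed)
# holding the narrower filters the post wants to apply next.
CONFIG = """<file-rbac><roles>
<role><id>admin</id><permissions><permission><topic>#</topic></permission></permissions></role>
<role><id>tx1</id><permissions><permission><topic>spBv1.0/#</topic></permission></permissions></role>
<role><id>tx1-tight</id><permissions>
  <permission><topic>spBv1.0/STATE</topic></permission>
  <permission><topic>spBv1.0/GroupID/#</topic></permission>
</permissions></role>
</roles></file-rbac>"""

# Constructed sample topic names; replace with topics captured from your broker.
TOPICS = ["spBv1.0/STATE", "spBv1.0/STATE/host1",
          "spBv1.0/GroupID/NBIRTH/EdgeID",
          "spBv1.0/GroupID/DDATA/EdgeID/DeviceID", "other/topic"]

def filter_matches(topic_filter, topic):
    """MQTT wildcard matching: '+' is one level, '#' is the remaining levels.
    The special handling of '$'-prefixed topics is not modelled here."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True               # '#' also matches the parent level itself
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)   # no wildcard: levels must line up exactly

def load_roles(xml_text, username="", clientid=""):
    """Return {role id: [topic filters]} with the two placeholders expanded."""
    roles = {}
    for role in ET.fromstring(xml_text).iter("role"):
        roles[role.findtext("id")] = [
            t.text.replace("${{username}}", username).replace("${{clientid}}", clientid)
            for t in role.iter("topic")]
    return roles

def allowed(roles, role_id, topic):
    return any(filter_matches(f, topic) for f in roles[role_id])

def coverage(roles, role_id, topics=TOPICS):
    return {t: allowed(roles, role_id, t) for t in topics}

if __name__ == "__main__":
    roles = load_roles(CONFIG, username="tx1")
    for role_id in roles:
        for topic, ok in coverage(roles, role_id).items():
            print(f"{role_id:10} {'ALLOW' if ok else 'DENY ':5} {topic}")
```

A filter without a wildcard, such as `spBv1.0/STATE`, covers only that exact topic name and nothing beneath it, which matters when tightening the `tx1` role.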