Sparkplug RBAC Issues

Hi Everyone, I’m trying to configure RBAC to work with Sparkplug and Ignition MQTT Modules.

I have a user for called engine1 which is the primary host (subscriber) to sparkplug which has full read/write capabilities using the admin role. engine1 user doesn’t have any issues.

I have a user called tx1 which is the transmitter (publisher) and has access to any topics that start with spBv1.0 with the tx1 role. This would include the spBv1.0/STATE, and spBv1.0/GroupID/EdgeID/DeviceID topics utilized in Sparkplug.

tx1 user only works when it is set with the admin role and fails when set to tx1 role.

When I do set tx1 to admin and monitor all topics using MQTT explorer, i can see all topics published by Ignition are within spBv1.0/#.

Surely this has happened to other users? Or its a known issue with RBAC and everyone uses ESE?

Including ${{username}} or ${{clientid}} in the permissions topic doesn’t help me.

Once this hurdle is crossed, I do want to create further restrictions on tx1 to say spBv1.0/STATE and spBv1.0/GroupID/#

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
    <users>
        <user>
            <name>engine1</name>
            <password>pass</password>
            <roles>
                <id>admin</id>
            </roles>
        </user>
        <user>
            <name>tx1</name>
            <password>pass</password>
            <roles>
                <id>tx1</id>
            </roles>
        </user>
    </users>
    <roles>
        <role>
            <id>admin</id>
            <permissions>
                <permission>
                    <topic>#</topic>
                </permission>
            </permissions>
        </role>
        <role>
            <id>tx1</id>
            <permissions>
                <permission>
                    <topic>spBv1.0/#</topic>
                </permission>
            </permissions>
        </role>
    </roles>
</file-rbac>

Issue has been resolved on Ignition forum here.

Need to include the legacy topic STATE/# in addition to spBv1.0/STATE/#