Question about the ACL rules

Open michaelcplusplus opened this issue 1 year ago • 2 comments

I would like to prevent access to $SYS/#. I therefore also need to prevent access to #. Otherwise, $SYS can be subscribed to again by subscribing to the topic #. But if I work with this set of rules, then no more topics can be subscribed to at all.

rules = [
    {"permit": "allow", "username": "dashboard", "action": "subscribe", "topics": ["$SYS/#"]}
    {"permit": "deny", "username": "#", "action": "subscribe", "topics": ["$SYS/#", "#"]}
    {"permit": "allow"}
]

I assume that all subscriptions are rejected by specifying #.

michaelcplusplus avatar Sep 12 '24 10:09 michaelcplusplus

Your guess is correct. # stands for the wildcard filter here, not the symbol itself. For now, there is no way to specify # only; you have to add a single topic in allow first to avoid #.

JaylinYu avatar Mar 03 '25 09:03 JaylinYu

Sorry for the late reply

I added a new configuration method for you to specify the wildcard only.

Just add @ before your topic with the wildcard. For example, if you add

{"permit": "deny", "username": "#", "action": "subscribe", "topics": ["$SYS/#", "@#"]}

then it takes effect on # only, not on all topics. But it forbids you from using @ at the beginning of your topic.

It will come with the next release, 0.23.3.

JaylinYu avatar Mar 03 '25 09:03 JaylinYu

Already done so.

JaylinYu avatar Sep 15 '25 03:09 JaylinYu
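
An added example, not part of the thread and not NanoMQ's code: a simplified Python model of ACL evaluation that shows why a # entry in the deny rule rejects every subscription, and how the @# form from the reply limits the deny to a subscription to # itself. First-match rule ordering, username # meaning every user, and the user alice and topic sensors/temp are assumptions of this model.

```python
# Simplified model of ACL rule evaluation (assumption: first matching rule wins).

def filter_matches(rule_topic, requested):
    """Treat rule_topic as an MQTT filter where + is one level and # is the rest."""
    f_levels, r_levels = rule_topic.split("/"), requested.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True                      # multi-level wildcard covers the remainder
        if i >= len(r_levels):
            return False
        if level != "+" and level != r_levels[i]:
            return False
    return len(f_levels) == len(r_levels)

def topic_matches(rule_topic, requested):
    if rule_topic.startswith("@"):
        return rule_topic[1:] == requested   # @ prefix: compare literally, no wildcard expansion
    return filter_matches(rule_topic, requested)

def check(rules, username, action, requested, default="allow"):
    """Return the permit of the first rule matching user, action and topic."""
    for rule in rules:
        user = rule.get("username", "#")
        if user != "#" and user != username:
            continue
        if rule.get("action", action) != action:
            continue
        topics = rule.get("topics")
        if topics is None or any(topic_matches(t, requested) for t in topics):
            return rule["permit"]
    return default                           # assumed fallback when nothing matches

def make_rules(wildcard_entry):
    # The rule set from the issue; only the last topic of the deny rule varies.
    return [
        {"permit": "allow", "username": "dashboard", "action": "subscribe", "topics": ["$SYS/#"]},
        {"permit": "deny", "username": "#", "action": "subscribe", "topics": ["$SYS/#", wildcard_entry]},
        {"permit": "allow"},
    ]

ORIGINAL = make_rules("#")    # "#" as a filter matches every requested topic
FIXED = make_rules("@#")      # "@#" matches only a subscription to "#" itself

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for user, topic in (("alice", "sensors/temp"), ("alice", "#"), ("alice", "$SYS/brokers"), ("dashboard", "$SYS/#")):
            print(name, user, topic, check(rules, user, "subscribe", topic))
```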