Skip to content


Authorization refers to controlling the permissions for MQTT client's publish and subscribe operations. The basic principle of EMQX's authorization mechanism is that when a client attempts to publish or subscribe, EMQX retrieves the client's permission data from the data source according to a specific process or user-defined query statements. It then matches the permissions with the operation to be performed, allowing or denying the operation based on the match results.

A single piece of client permission data consists of the following parts:

PermissionClientActionAction Details
Allow/DenyClient ID/Username/IP AddressPublish/Subscribe/Publish SubscribeTopic/QoS/Retained Messages

Default Authorization

EMQX Platform provides a default authentication method, which will authorize based on rules stored in the built-in database.

Extended Authorization

In addition to the default authorization based on the built-in database, it also supports authorization authentication through integration with various backend databases, including MySQL, PostgreSQL, Redis, and HTTP.

Authorization Support by Version

VersionDefault AuthorizationExtended Authorization