Authorization
Authorization refers to controlling the permissions for MQTT client's publish and subscribe operations. The basic principle of EMQX's authorization mechanism is that when a client attempts to publish or subscribe, EMQX retrieves the client's permission data from the data source according to a specific process or user-defined query statements. It then matches the permissions with the operation to be performed, allowing or denying the operation based on the match results.
A single piece of client permission data consists of the following parts:
| Permission | Client | Action | Action Details |
|---|---|---|---|
| Allow/Deny | Client ID/Username/IP Address | Publish/Subscribe/Publish Subscribe | Topic/QoS/Retained Messages |
Default Authorization
EMQX Platform provides a default authentication method, which will authorize based on rules stored in the built-in database.
Extended Authorization
In addition to the default authorization based on the built-in database, it also supports authorization authentication through integration with various backend databases, including MySQL, PostgreSQL, Redis, and HTTP.
Authorization Support by Version
| Version | Default Authorization | Extended Authorization |
|---|---|---|
| Serverless | ✓ | ✗ |
| Dedicated | ✓ | ✓ |
| BYOC | ✓ | ✓ |