# Access Control

Authentication and authorization are foundational security mechanisms in any system. Authentication verifies user identities, while authorization determines what actions those users are allowed to perform. In the context of EMQX Edge, a lightweight MQTT broker, these mechanisms are essential to ensure the system’s security, data integrity, and controlled access.

This section outlines the supported access control mechanisms in EMQX Edge, including:

- User Login Authentication
- JWT Authentication
- Access Control Lists (ACL)
- HTTP-Based Authorization

## Basic Authentication Configuration Example

EMQX Edge supports flexible authentication configuration through a declarative syntax. A basic example is shown below:

```bash
auth {
  allow_anonymous = true
  no_match = allow
  deny_action = ignore
  password = {include "/etc/nanomq_pwd.conf"}
  acl = {include "/etc/nanomq_acl.conf"}
}
```

where:

- `allow_anonymous` is a `boolean` with a default value of `true`, which allows anonymous login.
- `no_match` defines the default action when no matching authentication rule is found.
- `deny_action` determines what to do if a request is rejected according to the authorization checks. The available options are `ignore` or `disconnect`.
- `password` is the password file path. The `include` directive pulls the contents of the `nanomq_pwd.conf` file into your configuration. Make sure that the file contains only passwords in the correct format.
- `acl` is the ACL file path. The `include` directive pulls the contents of the `nanomq_acl.conf` file into your configuration. Make sure that the file contains only ACL rules in the correct format.

::: tip

If you are using the default configuration file, you do not need to use the `include` syntax for password and ACL files. The `include` directive is mainly intended for users who want to manage those configurations separately.

:::
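
The settings described above can be checked mechanically before a configuration is deployed. The following Python script is an added example, not part of EMQX Edge or its documentation; the function names, the `STRICT_CONFIG` sample, and the `no_match = deny` value are assumptions made for illustration.

```python
import re

# Constructed inputs: PAGE_CONFIG is the auth block shown above; STRICT_CONFIG is a
# hypothetical stricter variant (no_match = deny is assumed to be the counterpart of allow).
PAGE_CONFIG = """auth {
  allow_anonymous = true
  no_match = allow
  deny_action = ignore
  password = {include "/etc/nanomq_pwd.conf"}
}"""
STRICT_CONFIG = """auth {
  allow_anonymous = false  # require credentials
  no_match = deny
  deny_action = disconnect
}"""

def parse_auth(text):
    """Return key/value pairs set directly inside the auth { } block, or None."""
    start = re.search(r"\bauth\s*\{", text)
    if not start:
        return None
    settings, depth = {}, 1
    for raw in text[start.end():].splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        kv = re.match(r"(\w+)\s*=\s*(.+)$", line)
        if kv and depth == 1:                        # skip keys of nested blocks
            settings[kv.group(1)] = kv.group(2).strip().strip('"').lower()
        depth += line.count("{") - line.count("}")
        if depth <= 0:                               # closing brace of auth reached
            break
    return settings

def audit(text):
    """List the permissive access-control settings in an auth block."""
    s = parse_auth(text)
    if s is None:
        return ["auth: block not found"]
    findings = []
    # The page states allow_anonymous defaults to true, so a missing key counts too.
    if s.get("allow_anonymous", "true") == "true":
        findings.append("allow_anonymous: clients may connect without credentials")
    if s.get("no_match") == "allow":
        findings.append("no_match: requests that match no rule are allowed")
    if s.get("deny_action") == "ignore":
        findings.append("deny_action: rejected requests are ignored, not disconnected")
    return findings
```

Calling `audit(PAGE_CONFIG)` reports all three settings from the basic example, while `audit(STRICT_CONFIG)` returns an empty list.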
