# Authorization

Authorization controls what MQTT clients are allowed to do after they connect, specifically whether they can publish messages to a topic or subscribe to one.

When a client attempts to publish or subscribe, EMQX Edge checks their permissions using one of the following methods:

- [Built-in File](./authz-built-in-file.md): Evaluates ACL rules defined in a local file.
- [HTTP Query](./authz-http.md): Queries an external HTTP authorization server.

Based on the result, EMQX Edge either allows or denies the action, helping you protect topics and ensure only the right clients have access.

## Authorization Methods

| Method | Description |
|---|---|
| Built-in File | Define static ACL rules directly in a configuration file. Suitable for simple, fixed permission setups. |
| HTTP Query | Delegate authorization decisions to an external HTTP service. Suitable for dynamic, fine-grained access control. |

Both methods can be configured from the EMQX Edge Dashboard under **Authorization**.