Access Control

Authentication and authorization are foundational security mechanisms in any system. Authentication verifies user identities, while authorization determines what actions those users are allowed to perform. In the context of EMQX Edge, a lightweight MQTT broker, these mechanisms are essential to ensure the system’s security, data integrity, and controlled access.

This section outlines the supported access control mechanisms in EMQX Edge, including:

• User Login Authentication
• JWT Authentication
• Access Control Lists (ACL)
• HTTP-Based Authorization

Basic Authentication Configuration Example

EMQX Edge supports flexible authentication configuration through a declarative syntax. A basic example is shown below:

auth {
  allow_anonymous = true
  no_match = allow
  deny_action = ignore
  password = {include "/etc/nanomq_pwd.conf"}
  acl = {include "/etc/nanomq_acl.conf"}
}

where,

• allow_anonymous data type is boolean, with a default value of true, which allows anonymous login.
• no_match defines the default action when no matching authentication rule is found.
• deny_action determines what to do if a request is rejected according to the authorization checks. The available options are ignore or disconnect.
• password is the password file path. It includes the contents of the nanomq_pwd.conf file in your configuration. Make sure that the file only contains the password in the correct format, using include to include your password file.
• acl is the ACL file path. It includes the contents of the nanomq_acl.conf file in your configuration. Make sure that the file only contains the ACL in the correct format, using include to include your ACL file.

TIP

If you are using the default configuration file, you do not need to use the include syntax for password and ACL files. The include directive is mainly intended for users who want to manage those configurations separately.