Acl table problem #143

Open
aycakahya opened this issue Jul 10, 2019 · 2 comments

aycakahya commented Jul 10, 2019

mqtt_acl table
allow: 1, ipaddr: null, username: master, clientid: null, access: 1, topic: test
allow: 0, ipaddr: null, username: $all, clientid: null, access: 2, topic: test

auth.pgsql.acl_query
select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'

I created the table and the query as above. But I want user 'master' to be able to read the test topic but not write it. I looked at the documents on the internet but could not find any solution.
Where am I making a mistake?

@gilbertwong96 gilbertwong96 self-assigned this Jul 10, 2019

jwtea commented Sep 5, 2019

Also running into this problem. Is there no way to enable the ACL rules to function as a whitelist for topics?


jwtea commented Sep 10, 2019

Something I missed is that it seems you must reload the service after changing ACL rules in this table.

The following configuration allows for whitelisting by username when setting allow.anonymous to false in the emqx broker config.

 allow | ipaddr | username | clientid | access |     topic
     0 |        | $all     |          |      3 | #
     1 |        | admin    |          |      3 | /v1.0/device/#
     1 |        | client   |          |      3 | /v1.0/device/1
     1 |        | client2  |          |      3 | /v1.0/device/2

@turtleDeng turtleDeng assigned terry-xiaoyu and unassigned HJianBo Dec 26, 2019
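
The two tables from this thread, run through a small rule evaluator. This is an added example, not code from the issue or from EMQX. It assumes the plugin's usual encoding (allow 0/1 = deny/allow; access 1 = subscribe, 2 = publish, 3 = both) and that the first returned row matching the action and topic decides. The client identities, the `nomatch` parameter and all function names are hypothetical.

```python
# Added example: a model of mqtt_acl evaluation, not EMQX's own code.
# Assumed: allow 0/1 = deny/allow; access 1 = subscribe, 2 = publish, 3 = both;
# the first returned row that fits the action and topic decides the request.
SUB, PUB = 1, 2

def row(allow, username, access, topic, ipaddr=None, clientid=None):
    return dict(allow=allow, ipaddr=ipaddr, username=username,
                clientid=clientid, access=access, topic=topic)

def topic_matches(filt, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def acl_query(table, c):
    """Mirror of the WHERE clause in auth.pgsql.acl_query from the issue."""
    return [r for r in table
            if r["ipaddr"] == c["ipaddr"]
            or r["username"] in (c["username"], "$all")
            or r["clientid"] == c["clientid"]]

def check(table, client, action, topic, nomatch="deny"):
    """Return 'allow' or 'deny'; `nomatch` is the fallback when no row fits."""
    for r in acl_query(table, client):
        if r["access"] & action and topic_matches(r["topic"], topic):
            return "allow" if r["allow"] == 1 else "deny"
    return nomatch

# Rows from the issue; the client identities below are constructed samples.
ISSUE_ROWS = [row(1, "master", SUB, "test"), row(0, "$all", PUB, "test")]
WHITELIST = [row(0, "$all", 3, "#"),
             row(1, "admin", 3, "/v1.0/device/#"),
             row(1, "client", 3, "/v1.0/device/1"),
             row(1, "client2", 3, "/v1.0/device/2")]
DENY_LAST = WHITELIST[1:] + WHITELIST[:1]   # same rows, catch-all deny last

master = dict(username="master", clientid="c-master", ipaddr="192.0.2.10")
client = dict(username="client", clientid="c-1", ipaddr="192.0.2.11")

if __name__ == "__main__":
    for table, who, act, topic in [(ISSUE_ROWS, master, SUB, "test"),
                                   (ISSUE_ROWS, master, PUB, "test"),
                                   (WHITELIST, client, PUB, "/v1.0/device/1"),
                                   (DENY_LAST, client, PUB, "/v1.0/device/1"),
                                   (DENY_LAST, client, PUB, "/v1.0/device/2")]:
        print(who["username"], act, topic, "->", check(table, who, act, topic))
```

The `acl_query` in the issue has no `ORDER BY`, so PostgreSQL does not guarantee the order in which rows come back. Under the first-match assumption, a whitelist is only reliable if the query orders rows so the catch-all deny is evaluated last.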