Authorization MQTT Data


On EMQX is there available feature that users can manage Read Write on some topics?

  • user a with topic /foo/bar read only
  • user b with topic /foo/bar read and write

with same user different roles

Of course, EMQX provides the ACL feature, you can refer to this ACL doc.

Thanks for the quick reply,

My bad, I forgot about mentioning ACL in HTTP requests.
because on documentation I cannot find any section explaining that ACL ?
what I got from the documentation is that only the user can pub/sub to some topics and action allow/block,

or I miss something.

please help.

Sorry, currently EMQX only supports permission control for users, and does not provide role capabilities.

Are there any plans to develop this feature in the future?

Not yet. Which aspects of the current user access control cannot meet your needs?

I have a similar problem
I have a MySQL database (username, permission, action, topic)
in /etc/emqx.conf entered:

authorization {
   deny_action = ignore
   no_match = deny
   cache = { enable = true }
   sources = [

     type = mysql
     enable = true
     server = "address.of.mysql:3306"
     database = "users_db"
     username = "dbUser"
     password = "xxxxxxxxxxxxxxxxxxxxxxxx"
     auto_reconnect = true
     query = "SELECT permission, action, topic FROM emxq_user WHERE username = ${username}"

I have a user in the database:



unfortunately if I log in as “someuser” then he can both subscribe and publish all topic

Is there anything else I can do? Authorization doesn’t work :frowning:

EMQX version 5.0.16

Any error logs in EMQX? If not, you can try to trace the client to get more detailed logs.

Why not use external HTTP custom ACL for this scenario?