ACL, feature request #3101

Open
Anders-Fromell-ITxPT opened this issue Aug 23, 2024 · 0 comments
Anders-Fromell-ITxPT commented Aug 23, 2024

Topic: ACL file creation with extended control

Currently the topic rights are controlled by: write | read | readwrite | deny
where putting nothing after "topic" means readwrite.
"deny" will always win over the others and block both read and write.
So, if you need to use the wildcard /+/ in a part of a topic structure for write access, since that part is dynamically created, but need to exclude a specific part, that is not possible with the "deny" attribute, since it then also blocks the reading.
Ex.
user client1
topic write main-topic/+/info
pattern read main-topic/#

would let you publish to:
main-topic/test1/info
main-topic/test2/info
but not:
main-topic/test1
and read all from main-topic/#

topic write main-topic/#
pattern read main-topic/#

would let you publish to:
main-topic/test1/info
main-topic/test2/info
main-topic/test1
main-topic/test2

and read from all main-topic/#

topic write main-topic/#
topic deny main-topic/test2/#
pattern read main-topic/#

would let you publish to:
main-topic/test1/info
main-topic/test1
but not:
main-topic/test2
main-topic/test2/info

and read from all main-topic/# except from main-topic/test2/#

However, if we also introduce "readdeny" and "writedeny",
we can effectively block out a specific part of a topic structure within a wildcard selection.
topic write main-topic/+/info
topic writedeny main-topic/test2/#
pattern read main-topic/#

would let you publish to:
main-topic/test1/info
main-topic/test1
but not:
main-topic/test2
main-topic/test2/info

and read from all main-topic/#, including from main-topic/test2/#.
I.e. the combination ONLY restricts write credentials for main-topic/test2/# within the wildcard selection.

Other nice-to-haves would be:
partial wildcard selection:
main-topic/test+/# ; meaning the sub-topic needs to start with "test"
main-topic/+test/# ; meaning the sub-topic needs to end with "test"
main-topic/+test+/# ; meaning the sub-topic needs to contain "test"

A similar wildcard concept may also be useful for user names.

Are there any plans for adding support for "user group" and "user role" like in the dynamic_security plugin?

Best regards,
Anders Fromell /CTO
ITxPT.org
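The following is an added example (editor's code, not Mosquitto's and not the issue author's) that models the acl_file semantics the post describes: "topic [read|write|readwrite|deny] <filter>" with readwrite as the default, "pattern" lines with %u/%c substituted, and "deny" evaluated before any grant so that it blocks both directions. The "readdeny"/"writedeny" keywords are the post's proposal and are implemented here only to show what a direction-specific deny would change; Mosquitto has no such keywords. The ACL texts, user name client1 and client id c1 are constructed for the demo, and the handling of "topic" lines before any "user" line (applied to anonymous clients only) is an assumption of this model.

```python
"""Evaluator for the Mosquitto-style acl_file rules discussed in the issue.

Added example, not Mosquitto's code. Models the semantics the post describes:
'topic [read|write|readwrite|deny] <filter>' (readwrite if omitted), 'pattern'
lines with %u/%c substituted, and 'deny' evaluated before any grant so that it
blocks both directions. 'readdeny'/'writedeny' are the post's proposal, added
here only to show what a direction-specific deny changes; Mosquitto does not
have them. Assumption: 'topic' lines before any 'user' line apply to anonymous
clients only.
"""
from typing import NamedTuple, Optional

GRANTS = {"read": {"read"}, "write": {"write"}, "readwrite": {"read", "write"}}
DENIES = {"deny": {"read", "write"}, "readdeny": {"read"}, "writedeny": {"write"}}


class Rule(NamedTuple):
    user: Optional[str]   # None for anonymous 'topic' rules and for every 'pattern'
    keyword: str          # "topic" or "pattern"
    access: str           # a key of GRANTS or DENIES
    filter: str           # topic filter, may contain + and #


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT subscription matching: '+' is one level, '#' the rest ('a/#' matches 'a')."""
    flt, top = filter_.split("/"), topic.split("/")
    for i, part in enumerate(flt):
        if part == "#":
            return i == len(flt) - 1                 # '#' only as the last level
        if i >= len(top) or (part != "+" and part != top[i]):
            return False
    return len(flt) == len(top)                      # no trailing topic levels left


def parse_acl(text: str) -> list[Rule]:
    """Parse 'user', 'topic' and 'pattern' lines; '#' comment lines and blanks are ignored."""
    rules, current_user = [], None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "user":
            current_user = tokens[1]
            continue
        if tokens[0] not in ("topic", "pattern"):
            raise ValueError(f"unrecognised line: {raw}")
        access, flt = ("readwrite", tokens[1]) if len(tokens) == 2 else (tokens[1], tokens[2])
        if access not in GRANTS and access not in DENIES:
            raise ValueError(f"unknown access {access!r}: {raw}")
        rules.append(Rule(None if tokens[0] == "pattern" else current_user, tokens[0], access, flt))
    return rules


def check_access(rules, user: Optional[str], client_id: str, topic: str, action: str) -> bool:
    """Is `action` ('read'/'write') on `topic` allowed? Any matching deny wins over any grant."""
    granted = False
    for rule in rules:
        if rule.keyword == "pattern":
            if "%u" in rule.filter and user is None:
                continue                             # anonymous client cannot satisfy %u
            flt = rule.filter.replace("%u", user or "").replace("%c", client_id)
        elif rule.user == user:
            flt = rule.filter
        else:
            continue
        if not topic_matches(flt, topic):
            continue
        if rule.access in DENIES:
            if action in DENIES[rule.access]:
                return False                         # deny wins regardless of rule order
        elif action in GRANTS[rule.access]:
            granted = True
    return granted


# Constructed ACL text reproducing the post's scenarios (not a real deployment file).
ACL_DENY = "user client1\ntopic write main-topic/#\ntopic deny main-topic/test2/#\npattern read main-topic/#\n"
ACL_WRITEDENY = ACL_DENY.replace("topic deny", "topic writedeny")   # the post's proposed keyword
ACL_PLUS = "user client1\ntopic write main-topic/+/info\npattern read main-topic/#\npattern readwrite clients/%u/#\n"


def demo() -> dict[str, bool]:
    """Evaluate the post's cases for user client1 (client id 'c1'); returned for inspection."""
    cases = [
        ("deny", ACL_DENY, "main-topic/test2/info", "write"),
        ("deny", ACL_DENY, "main-topic/test2/info", "read"),
        ("writedeny", ACL_WRITEDENY, "main-topic/test2/info", "write"),
        ("writedeny", ACL_WRITEDENY, "main-topic/test2/info", "read"),
        ("plus", ACL_PLUS, "main-topic/test1/info", "write"),
        ("plus", ACL_PLUS, "main-topic/test1", "write"),
        ("plus", ACL_PLUS, "main-topic/test1", "read"),
        ("plus", ACL_PLUS, "clients/client1/status", "write"),
        ("plus", ACL_PLUS, "clients/other/status", "write"),
    ]
    return {f"{name}: {action} {topic}": check_access(parse_acl(acl), "client1", "c1", topic, action)
            for name, acl, topic, action in cases}


if __name__ == "__main__":
    for case, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", case)
```

The "deny" scenario shows the behaviour the post objects to (reads of main-topic/test2/# are blocked along with writes), while the "writedeny" scenario shows the proposed outcome (write blocked, read via the pattern still allowed). The "plus" scenario also shows why a rule such as "topic write main-topic/+/info" grants nothing for main-topic/test1: "+" matches exactly one level, so a two-level topic never matches a three-level filter.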
