内置数据库 认证/访问控制

内置数据库认证使用 EMQX 内置 Mnesia 数据库存储客户端 Clientid/Username 与密码,支持通过 HTTP API 管理认证数据。

内置数据库认证不依赖外部数据源,使用上足够简单轻量。

Dashboard 管理

内置数据库认证可以通过 EMQX Dashboard 的 “模块” 进行开关以及管理

创建模块

打开 EMQX Dashboard内置数据库 认证/访问控制 - 图1 (opens new window),点击左侧的 “模块” 选项卡,选择添加:

image-20200928161310952

点击”选择”,然后选择内置数据库认证模块

image-20200928141305205

配置相关参数

image-20200927213049265

最后点击“添加”按钮模块即可添加成功。

image-20200928141558866

管理数据

内置数据库可以通过 dashboard 管理认证与访问控制数据

image-20200928141558866

认证数据

可以通过 dashboard 对认证数据进行管理

image-20200928141558866

当客户端连接 EMQX 时,内置数据库认证会获取 CONNENT 报文中的 Clientid 与 Username,然后数据库中记录的密码进行匹配,一旦匹配成功则认证成功。

访问控制数据

可以通过 dashboard 对访问控制数据进行管理

image-20200928141558866

HTTP API

内置数据库 认证/访问控制 还提供了 HTTP API

Mnesia 认证

Mnesia 认证使用 EMQX 内置 Mnesia 数据库存储客户端 Client ID/Username 与密码,支持通过 HTTP API 管理认证数据。

Mnesia 认证不依赖外部数据源,使用上足够简单轻量,Mnesia 支持使用 Client ID 或 Username 进行认证。

POST api/v4/auth_clientid

创建基于 Client ID 的认证规则。

Parameters (json):

NameTypeRequiredDescription
clientidStringTrueClient ID
passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X POST \
  6.     -d '{"clientid": "emqx_c", "password": "emqx_p"}' \
  7.   http://localhost:8081/api/v4/auth_clientid
  9. ## Return
  10. {"code":0}

POST api/v4/auth_username

创建基于 Username 的认证规则。

Parameters (json):

NameTypeRequiredDescription
usernameStringTrueUsername
passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X POST \
  6.     -d '{"username": "emqx_u", "password": "emqx_p"}' \
  7.   http://localhost:8081/api/v4/auth_username
  9. ## Return
  10. {"code":0}

POST api/v4/auth_clientid

批量创建基于 Client ID 的认证规则。

Path Parameters:

Parameters (json):

NameTypeRequiredDescription
[].clientidStringTrueClient ID
[].passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X POST \
  6.     -d '[{"clientid": "emqx_c_1", "password": "emqx_p"}, {"clientid": "emqx_c_2", "password": "emqx_p"}]' \
  7.   http://localhost:8081/api/v4/auth_clientid
  9. ## Return
  10. {
  11.     "data":{
  12.         "emqx_c_2":"ok",
  13.         "emqx_c_1":"ok"
  14.     },
  15.     "code":0
  16. }

POST api/v4/auth_username

批量创建基于 Username 的认证规则。

Path Parameters:

Parameters (json):

NameTypeRequiredDescription
[].usernameStringTrueUsername
[].passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X POST \
  6.     -d '[{"username": "emqx_u_1", "password": "emqx_p"}, {"username": "emqx_u_2", "password": "emqx_p"}]' \
  7.   http://localhost:8081/api/v4/auth_username
  9. ## Return
  10. {
  11.   "data":{
  12.     "emqx_u_2":"ok",
  13.     "emqx_u_1":"ok"
  14.   },
  15.   "code":0
  16. }

GET api/v4/auth_clientid

查看已经添加的认证数据。

Query String Parameters:

支持模糊查询,其包含的查询参数有:

NameTypeRequiredDescription
_like_clientidStringFalse客户端标识符,子串方式模糊查找

Success Response Body (JSON):

NameTypeDescription
codeInteger0
metaObject规则对象
dataObject规则对象
- data.[].clientidStringClient ID

Example

  1. ## Return
  2. $ curl -i \
  3.   --basic \
  4.   -u admin:public \
  5.   -X GET \
  6.   http://localhost:8081/api/v4/auth_clientid?_like_clientid=emqx
  8. ## Request
  9. {
  10.     "meta":{
  11.         "page":1,
  12.         "limit":10,
  13.         "count":3
  14.     },
  15.     "data":[
  16.         {
  17.             "clientid":"emqx_c_1"
  18.         },
  19.         {
  20.             "clientid":"emqx_c_2"
  21.         },
  22.         {
  23.             "clientid":"emqx_c"
  24.         }
  25.     ],
  26.     "code":0
  27. }

GET api/v4/auth_username

查看已经添加的认证数据。

Query String Parameters: 支持模糊查询,其包含的查询参数有:

NameTypeRequiredDescription
_like_usernameStringFalse客户端用户名,子串方式模糊查找

Success Response Body (JSON):

NameTypeDescription
codeInteger0
metaObject规则对象
dataObject规则对象
- data.[].usernameStringClient ID

Example

  1. ## Return
  2. curl -i \
  3.   --basic \
  4.   -u admin:public \
  5.   -X GET \
  6.   http://localhost:8081/api/v4/auth_username?_like_username=emqx
  8. ## Request
  9. {
  10.     "meta":{
  11.         "page":1,
  12.         "limit":10,
  13.         "count":3
  14.     },
  15.     "data":[
  16.         {
  17.             "username":"emqx_u"
  18.         },
  19.         {
  20.             "username":"emqx_u_2"
  21.         },
  22.         {
  23.             "username":"emqx_u_1"
  24.         }
  25.     ],
  26.     "code":0
  27. }

GET api/v4/auth_clientid/{clientid}

获取指定的资源的详细信息。

Path Parameters:

NameTypeRequiredDescription
clientidStringTrueClient ID

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject规则对象
- data.clientidStringClient ID
- data.passwordString注意此处返回的密码是使用配置文件指定哈希方式加密后的密码

Example

  1. ## Request
  2. curl -i \
  3.   --basic \
  4.   -u admin:public \
  5.   -X GET \
  6.   http://localhost:8081/api/v4/auth_clientid/emqx_c
  8. ## Return
  9. {
  10.   "data":{
  11.     "password":"bb7bb456355aaeb55a4eb26ea286314fc360138720cfca2c852d4dfb8cd834",
  12.     "clientid":"emqx_c"
  13.   },
  14.   "code":0
  15. }

GET api/v4/auth_username/{username}

获取指定的资源的详细信息。

Path Parameters:

NameTypeRequiredDescription
usernameStringTrueUsername

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject规则对象
- data.usernameStringUsername
- data.passwordString注意此处返回的密码是使用配置文件指定哈希方式加密后的密码

Example

  1. ## Request
  2. curl -i \
  3.   --basic \
  4.   -u admin:public \
  5.   -X GET \
  6.   http://localhost:8081/api/v4/auth_username/emqx_u
  8. ## Return
  9. {
  10.   "data":{
  11.     "password":"bb7bb456355aaeb55a4eb26ea286314fc360138720cfca2c852d4dfb8cd834",
  12.     "clientid":"emqx_u"
  13.   },
  14.   "code":0
  15. }

PUT api/v4/auth_clientid/{clientid}

更新已添加的认证数据。

Parameters (json):

NameTypeRequiredDescription
clientidStringTrueClient ID

Parameters (json):

NameTypeRequiredDescription
passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X PUT \
  6.     -d '{"password": "emqx_new_p"}' \
  7.   http://localhost:8081/api/v4/auth_clientid/emqx_c
  9. ## Return
  10. {"code":0}

PUT api/v4/auth_username/{username}

更新已添加的认证数据。

Parameters (json):

NameTypeRequiredDescription
usernameStringTrueUsername

Parameters (json):

NameTypeRequiredDescription
passwordStringTrue密码

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X PUT \
  6.     -d '{"password": "emqx_new_p"}' \
  7.   http://localhost:8081/api/v4/auth_username/emqx_u
  9. ## Return
  10. {"code":0}

DELETE /api/v4/auth_clientid/{clientid}

删除认证规则。

Path Parameters:

NameTypeRequiredDescription
clientidStringTrueClient ID

Parameters:

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X Delete\
  6.   http://localhost:8081/api/v4/auth_clientid/emqx_c
  8. ## Return
  9. {"code":0}

DELETE /api/v4/auth_username/{username}

删除认证规则。

Path Parameters:

NameTypeRequiredDescription
usernameStringTrueUsername

Parameters:

Success Response Body (JSON):

NameTypeDescription
codeInteger0

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X Delete\
  6.   http://localhost:8081/api/v4/auth_username/emqx_u
  8. ## Return
  9. {"code":0}

Mnesia 访问控制

Mnesia ACL 使用 EMQX 内置的 Mnesia 数据库存储 ACL 规则,可以存储数据、动态管理 ACL,方便与外部设备管理系统集成

POST api/v4/acl

添加 ACL 规则。

  • Clientid ACL

    Parameters (json):

    NameTypeRequiredDescription
    clientidStringTrueClient ID
    topicStringTrue主题
    actionsub/pub/pubsubTrue动作
    accessallow/denyTrue是否允许

    Success Response Body (JSON):

    NameTypeDescription
    codeInteger0
    dataObject规则对象
    - data.clientidStringClientid
    - data.topicString主题
    - data.actionString动作
    - data.accessString是否允许

    Examples

    1. ## Request
    2. curl -i \
    3. --basic \
    4. -u admin:public \
    5. -X POST \
    6. -d '{"clientid":"emqx_c", "topic":"Topic/A", "action":"pub", "access": "allow"}' \
    7. http://localhost:8081/api/v4/acl
    9. ## Return
    10. {
    11.   "data":{
    12.       "topic":"Topic/A",
    13.       "result":"ok",
    14.       "clientid":"emqx_c",
    15.       "action":"pub",
    16.       "access":"allow"
    17.   },
    18.   "code":0
    19. }

  • Username ACL

    Parameters (json):

    NameTypeRequiredDescription
    usernameStringTrueUsername
    topicStringTrue主题
    actionsub/pub/pubsubTrue动作
    accessallow/denyTrue是否允许

    Success Response Body (JSON):

    NameTypeDescription
    codeInteger0
    dataObject规则对象
    - data.usernameStringUsername
    - data.topicString主题
    - data.actionString动作
    - data.accessString是否允许

    Examples

    1. ## Request
    2. curl -i \
    3. --basic \
    4. -u admin:public \
    5. -X POST \
    6. -d '{"username":"emqx_u", "topic":"Topic/A", "action":"pub", "access": "allow"}' \
    7. http://localhost:8081/api/v4/acl
    9. ## Return
    10. {
    11.   "data":{
    12.       "topic":"Topic/A",
    13.       "result":"ok",
    14.       "username":"emqx_u",
    15.       "action":"pub",
    16.       "access":"allow"
    17.   },
    18.   "code":0
    19. }

  • $all ACL

    Parameters (json):

    NameTypeRequiredDescription
    topicStringTrue主题
    actionsub/pub/pubsubTrue动作
    accessallow/denyTrue是否允许

    Success Response Body (JSON):

    nametypedescription
    codeinteger0
    dataobject规则对象
    - data.allstring$all
    - data.topicstring主题
    - data.actionstring动作
    - data.accessstring是否允许

    Examples

    1. ## Request
    2. curl -i \
    3. --basic \
    4. -u admin:public \
    5. -X POST \
    6. -d '{"topic":"Topic/A", "action":"pub", "access": "allow"}' \
    7. http://localhost:8081/api/v4/acl
    9. ## Return
    10. {
    11.   "data":{
    12.       "topic":"Topic/A",
    13.       "result":"ok",
    14.       "all":"$all",
    15.       "action":"pub",
    16.       "access":"allow"
    17.   },
    18.   "code":0
    19. }

POST api/v4/acl

批量添加 ACL 规则。

Parameters (json):

NameTypeRequiredDescription
[0].clientidStringTrueClientid
[0].topicStringTrue主题
[0].actionsub/pub/pubsubTrue动作
[0].accessallow/denyTrue是否允许
[1].usernameStringTrueUsername
[1].topicStringTrue主题
[1].actionsub/pub/pubsubTrue动作
[1].accessallow/denyTrue是否允许
[2].topicStringTrue主题
[2].actionsub/pub/pubsubTrue动作
[2].accessallow/denyTrue是否允许

Success Response Body (JSON):

nametypedescription
codeinteger0
dataobject规则对象
- data.[0].clientidstringClient ID
- data.[0].topicstring主题
- data.[0].actionstring动作
- data.[0].accessstring是否允许
- data.[1].usernamestringUsername
- data.[1].topicstring主题
- data.[1].actionstring动作
- data.[1].accessstring是否允许
- data.[2].allstring$all
- data.[2].topicstring主题
- data.[2].actionstring动作
- data.[2].accessstring是否允许

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X POST \
  6.     -d '[
  7.         {
  8.           "clientid":"emqx_c_1",
  9.           "topic":"Topic/A",
  10.           "action":"pub",
  11.           "access": "allow"
  12.         },
  13.         {
  14.           "username":"emqx_u_1",
  15.           "topic":"Topic/A",
  16.           "action":"sub",
  17.           "access": "allow"
  18.         },
  19.         {
  20.           "topic":"Topic/+",
  21.           "action":"pubsub",
  22.           "access": "deny"
  23.         }
  24.       ]' \
  25.   http://localhost:8081/api/v4/auth_clientid
  27. ## Return
  28. {
  29.   "data": [
  30.     {
  31.       "clientid":"emqx_c_1",
  32.       "topic":"Topic/A",
  33.       "action":"pub",
  34.       "access": "allow",
  35.       "result": "ok"
  36.     },
  37.     {
  38.       "username":"emqx_u_1",
  39.       "topic":"Topic/A",
  40.       "action":"pub",
  41.       "access": "allow"
  42.       "result": "ok"
  43.     },
  44.     {
  45.       "all": "$all",
  46.       "topic":"Topic/+",
  47.       "action":"pubsub",
  48.       "access": "deny"
  49.     },
  50.   ],
  51.   "code": 0
  52. }

GET api/v4/acl/clientid

查看已经添加的 ACL 规则

Query String Parameters:

支持多条件和模糊查询,其包含的查询参数有:

NameTypeRequiredDescription
accessEnumFalse是否允许 deny, allow
actionEnumFalse动作
可取值有:pub,sub,pubsub
topicStringFalseMQTT 主题
_like_clientidStringFalse客户端标识符,子串方式模糊查找

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject规则对象
- data.[].clientidStringClientid
- data.[].topicString主题
- data.[].actionEnum动作 pub, sub,pubsub
- data.[].accessEnum是否允许deny,allow

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X GET \
  6.   http://localhost:8081/api/v4/acl/clientid
  8. ## Return
  9. {
  10.     "meta": {
  11.       "page": 1,
  12.       "limit": 10,
  13.       "count": 1
  14.     },
  15.     "data": [
  16.       {
  17.         "clientid": "emqx_c",
  18.         "topic": "Topic/A",
  19.         "action": "pub",
  20.         "access": "allow"
  21.       },
  22.       {
  23.         "clientid": "emqx_c_1",
  24.         "topic": "Topic/A",
  25.         "action": "pub",
  26.         "access": "allow"
  27.       },
  28.       {
  29.         "clientid": "emqx_c_2",
  30.         "topic": "Topic/A",
  31.         "action": "pub",
  32.         "access": "allow"
  33.       }
  34.     ],
  35.     "code": 0
  36.   }

GET api/v4/acl/username

查看已经添加的 ACL 规则 Query String Parameters:

支持多条件和模糊查询,其包含的查询参数有:

NameTypeRequiredDescription
accessEnumFalse权限 deny, allow
actionEnumFalse动作
可取值有:pub,sub,pubsub
topicStringFalseMQTT 主题
_like_usernameStringFalse客户端标识符,子串方式模糊查找

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject规则对象
- data.[].usernameStringUsername
- data.[].topicString主题
- data.[].actionEnum动作 pub, sub,pubsub
- data.[].accessEnum是否允许deny,allow

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X GET \
  6.   http://localhost:8081/api/v4/acl/username
  8. ## Return
  9. {
  10.     "meta": {
  11.       "page": 1,
  12.       "limit": 10,
  13.       "count": 1
  14.     },
  15.     "data": [
  16.       {
  17.         "clientid": "emqx_u",
  18.         "topic": "Topic/A",
  19.         "action": "pub",
  20.         "access": "allow"
  21.       },
  22.       {
  23.         "clientid": "emqx_u_1",
  24.         "topic": "Topic/A",
  25.         "action": "pub",
  26.         "access": "allow"
  27.       },
  28.       {
  29.         "clientid": "emqx_u_2",
  30.         "topic": "Topic/A",
  31.         "action": "pub",
  32.         "access": "allow"
  33.       }
  34.     ],
  35.     "code": 0
  36.   }

GET api/v4/acl/$all

查看已经添加的 ACL 规则

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataObject规则对象
- data.[].allString$all
- data.[].topicString主题
- data.[].actionString动作
- data.[].accessString是否允许

Examples

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X GET \
  6.   http://localhost:8081/api/v4/acl/\$all
  8. ## Return
  9. {
  10.   "meta": {
  11.     "page": 1,
  12.     "limit": 10,
  13.     "count": 1
  14.   },
  15.   "data": [
  16.     {
  17.       "all": "$all",
  18.       "topic": "Topic/A",
  19.       "action": "pub",
  20.       "access": "allow"
  21.     },
  22.     {
  23.       "all": "$all",
  24.       "topic": "Topic/+",
  25.       "action": "pubsub",
  26.       "access": "deny"
  27.     }
  28.   ],
  29.   "code": 0
  30. }

GET /api/v4/acl/clientid/{clientid}

查看指定的 ACL 规则。

Path Parameters:

NameTypeRequiredDescription
clientidStringTrueClientID

Parameters:

Success Response Body (JSON):

NameTypeDescription
codeInteger0
dataobject规则对象
- data.clientidstringClientID
- data.topicstring主题
- data.actionstring动作
- data.accessstring是否允许

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X GET \
  6.   http://localhost:8081/api/v4/acl/clientid/emqx_c
  8. ## Return
  9. {
  10.   "data": {
  11.     "topic": "Topic/A",
  12.     "clientid": "emqx_c",
  13.     "allow": true,
  14.     "action": "pub"
  15.   },
  16.   "code": 0
  17. }

GET /api/v4/acl/username/{username}

查看指定的 ACL 规则。

Path Parameters:

NameTypeRequiredDescription
usernmaeStringTrueUsername

Parameters:

Success response body (json):

nametypedescription
codeinteger0
dataobject规则对象
- data.usernamestringUsername
- data.topicstring主题
- data.actionstring动作
- data.accessstring是否允许

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X GET \
  6.   http://localhost:8081/api/v4/acl/usernmae/emqx_u
  8. ## Return
  9. {
  10.   "data": {
  11.     "topic": "Topic/A",
  12.     "username": "emqx_u",
  13.     "allow": true,
  14.     "action": "pub"
  15.   },
  16.   "code": 0
  17. }

DELETE /api/v4/acl/clientid/{clientid}/topic/{topic}

删除指定的 ACL 规则。

Path Parameters:

NameTypeRequiredDescription
clientidStringTrueClientID
topicStringTrue主题,可能需要使用 UrlEncode 编码

Parameters:

Success response body (json):

nametypedescription
codeinteger0

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X DELETE \
  6.   http://localhost:8081/api/v4/acl/clientid/emqx_c/topic/Topic%2fA
  8. ## Return
  9. {"code": 0}

DELETE /api/v4/acl/username/{usernmae}/topic/{topic}

删除指定的 ACL 规则。

Path Parameters:

NameTypeRequiredDescription
usernameStringTrueUsername
topicStringTrue主题,可能需要使用 UrlEncode 编码

Parameters:

Success response body (json):

nametypedescription
codeinteger0

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X DELETE \
  6.   http://localhost:8081/api/v4/acl/username/emqx_u/topic/Topic%2fA
  8. ## Return
  9. {"code": 0}

DELETE /api/v4/acl/all/$all/topic/{topic}

删除指定的 ACL 规则。

Path Parameters:

NameTypeRequiredDescription
topicStringTrue主题,可能需要使用 UrlEncode 编码

Parameters:

Success response body (json):

nametypedescription
codeinteger0

Examples:

  1. ## Request
  2. curl -i \
  3.     --basic \
  4.     -u admin:public \
  5.     -X DELETE \
  6.   http://localhost:8081/api/v4/acl/all/\$all/topic/Topic%2fA
  8. ## Return
  9. {"code": 0}

CLI

内置数据库 认证/访问控制 还提供了 ./bin/emqx_ctl 的管理命令行。

clientid 命令

clientid 命令查询管理内置数据库的 clientid 认证。

命令描述
clientid list列出 clientid 身份验证规则
clientid add <ClientID> <Password>添加 clientid 身份验证规则
clientid update <ClientID> <NewPassword>更新 clientid 身份验证规则
clientid del <ClientID>删除 clientid 身份验证规则

clientid list

列出 clientid 身份验证规则

  1. $ ./bin/emqx_ctl clientid list
  2. emqx_clientid

clientid add <ClientID> <Password>

添加 clientid 身份验证规则

  1. ./bin/emqx_ctl clientid add emqx_clientid password
  2. ok

clientid update <ClientID> <NewPassword>

更新 clientid 身份验证规则

  1. $ ./bin/emqx_ctl clientid update emqx_clientid new_password
  2. ok

clientid del <ClientID>

删除 clientid 身份验证规则

  1. $ ./bin/emqx_ctl clientid del emqx_clientid
  2. ok

user 命令

user 命令查询管理内置数据库的 username 认证。

命令描述
user list列出 user 身份验证规则
user add <Username> <Password>添加 user 身份验证规则
user update <Username> <NewPassword>更新 user 身份验证规则
user del <Username>删除 user 身份验证规则

user list

列出 username 身份验证规则

  1. $ ./bin/emqx_ctl user list
  2. emqx_username

user add <Username> <Password>

添加 username 身份验证规则

  1. ./bin/emqx_ctl user add emqx_username password
  2. ok

user update <Username> <NewPassword>

更新 username 身份验证规则

  1. $ ./bin/emqx_ctl user update emqx_username new_password
  2. ok

user del <Username>

删除 username 身份验证规则

  1. $ ./bin/emqx_ctl user del emqx_username
  2. ok

acl 命令

user 命令查询管理内置数据库的访问控制。

命令描述
acl list clientid列出 clientid 访问控制规则
acl list username列出 username 访问控制规则
acl list _all列出 $all访问控制规则
acl show clientid <Clientid>查看 clientid 访问控制详情
acl show username <Username>查看 username 访问控制详情
acl aad clientid <Clientid> <Topic> <Action> <Access>增加 clientid 访问控制规则
acl add Username <Username> <Topic> <Action> <Access>增加 username访问控制规则
acl add _all <Topic> <Action> <Access>增加 $all 访问控制规则
acl del clientid <Clientid> <Topic>删除 clientid 访问控制规则
acl del username <Username> <Topic>删除 username 访问控制规则
acl del _all <Topic>删除 $all 访问控制规则

acl list clientid

列出 clientid 访问控制规则

  1. $ ./bin/emqx_ctl acl list clientid             
  2. Acl(clientid = <<"emqx_clientid">> topic = <<"Topic/A">> action = pub access = allow)

acl list username

列出 username 访问控制规则

  1. $ ./bin/emqx_ctl acl list username             
  2. Acl(username = <<"emqx_username">> topic = <<"Topic/A">> action = pub access = allow)

acl list _all

列出 $all 访问控制规则

  1. $ ./bin/emqx_ctl acl list _all 
  2. Acl($all topic = <<"Topic/A">> action = pub access = allow)

acl show clientid <Clientid>

查看 clientid 访问控制详情

  1. $ ./bin/emqx_ctl acl show clientid emqx_clientid
  2. Acl(clientid = <<"emqx_clientid">> topic = <<"Topic/A">> action = pub access = allow)

acl show username <Username>

查看 username 访问控制详情

  1. $ ./bin/emqx_ctl acl show username emqx_username
  2. Acl(username = <<"emqx_username">> topic = <<"Topic/A">> action = pub access = allow)

acl aad clientid <Clientid> <Topic> <Action> <Access>

增加 clientid 访问控制规则

  1. $ ./bin/emqx_ctl acl add clientid emqx_clientid Topic/A pub allow
  2. ok

acl aad username <Username> <Topic> <Action> <Access>

增加 username 访问控制规则

  1. $ ./bin/emqx_ctl acl add username emqx_username Topic/A pub allow
  2. ok

acl aad _all <Topic> <Action> <Access>

增加 $all 访问控制规则

  1. $ ./bin/emqx_ctl acl add _all Topic/A pub allow
  2. ok

acl del clientid <Clientid> <Topic>

删除 clientid 访问控制规则

  1. $ ./bin/emqx_ctl acl del clientid emqx_clientid Topic/A
  2. ok

acl del username <Username> <Topic>

删除 username 访问控制规则

  1. $ ./bin/emqx_ctl acl del username emqx_username Topic/A
  2. ok

acl del _all <Topic

删除 $all 访问控制规则

  1. $ ./bin/emqx_ctl acl del _all Topic/A
  2. ok