Updated on 2024-04-29 GMT+08:00

Overview

IoTDA provides device topic policies, with which you can implement flexible role-based access control and authorize clients to publish or subscribe to messages through topics that do not start with $oc. You can manage the topic-based data publishing and subscription permissions of devices, products, or groups, improving communication security. Device policies apply to device-side protocols that use a publish/subscribe mechanism, for example MQTT and MQTTS. Currently, this feature is available only for users in invitation-only regions of south China.

For existing IoTDA users, the system_default_policy policy is added by default to each newly created resource space. It allows devices in that resource space to publish or subscribe to messages through topics (not starting with $oc) of all devices under all resource spaces. You can delete the policy if needed.

Figure 1 Conceptual diagram of topic policies

Scenarios

  • Group-based communications: For example, devices A, B, and C belong to a group, and only devices A, B, and C are allowed to subscribe to the topic of the group.
  • Region-based communications: Regions are divided based on the data publishing and subscription permissions. Only devices of the same region can communicate with each other.
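An added illustrative model of the allow-list evaluation the two scenarios describe (hypothetical Python written for this page, not IoTDA's policy format or API); the policy names other than system_default_policy, the topic layouts, and the devices are constructed assumptions:

```python
"""Hypothetical model of topic-based publish/subscribe authorization.
Not IoTDA's policy syntax; it only shows how group- and region-scoped allow rules
behave, and what the permissive system_default_policy adds when it is left in place."""
import fnmatch
from dataclasses import dataclass
from typing import Callable, Iterable

@dataclass(frozen=True)
class Device:
    device_id: str
    resource_space: str
    group: str = ""
    region: str = ""

@dataclass(frozen=True)
class Policy:
    name: str
    actions: frozenset              # subset of {"publish", "subscribe"}
    topic_pattern: str              # fnmatch glob over the full topic string
    # applies(device, topic) -> True when this allow rule covers the request
    applies: Callable[[Device, str], bool] = lambda d, t: True

def is_custom_topic(topic: str) -> bool:
    # Policies govern only custom topics: not starting with $oc, at most 128 bytes.
    return not topic.startswith("$oc") and 0 < len(topic.encode()) <= 128

def authorize(policies: Iterable[Policy], dev: Device, action: str, topic: str) -> bool:
    """Default deny: the request is permitted only if some policy covers it."""
    if not is_custom_topic(topic):
        return False
    return any(action in p.actions and fnmatch.fnmatch(topic, p.topic_pattern)
               and p.applies(dev, topic) for p in policies)

# Constructed policies mirroring the scenarios above (names and topic layouts assumed).
SYSTEM_DEFAULT = Policy("system_default_policy", frozenset({"publish", "subscribe"}), "*")
GROUP_ABC = Policy("group-abc", frozenset({"subscribe"}), "groups/abc/*",
                   lambda d, t: d.group == "abc")
SAME_REGION = Policy("same-region", frozenset({"publish", "subscribe"}), "regions/*/*",
                     lambda d, t: t.split("/")[1] == d.region)
SCOPED = [GROUP_ABC, SAME_REGION]

# Constructed devices: A is a group member in the south region, D is neither.
DEV_A = Device("A", "rs-1", group="abc", region="south")
DEV_D = Device("D", "rs-2", region="north")

def demo() -> dict:
    return {
        "A_sub_group": authorize(SCOPED, DEV_A, "subscribe", "groups/abc/status"),
        "D_sub_group": authorize(SCOPED, DEV_D, "subscribe", "groups/abc/status"),
        "A_pub_south": authorize(SCOPED, DEV_A, "publish", "regions/south/telemetry"),
        "D_pub_south": authorize(SCOPED, DEV_D, "publish", "regions/south/telemetry"),
        "D_with_default": authorize(SCOPED + [SYSTEM_DEFAULT], DEV_D, "subscribe", "groups/abc/status"),
        "oc_topic": authorize(SCOPED + [SYSTEM_DEFAULT], DEV_A, "publish", "$oc/devices/A/sys/x"),
    }
```

The "D_with_default" entry is the point to check in a real deployment: as long as the permissive default policy remains, the scoped rules do not restrict anything.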

Restrictions

  • Max. policies for a tenant: 50.
  • Applicable topics: custom topics that do not start with $oc.
  • Max. policy file size: 10 KB. Max. files configured for a policy: 10.
  • Max. policies configured for a device or product: 5.
  • Max. topics subscribed by a device (client): 50.
  • Max. topic length: 128 bytes.
  • Supported QoS: QoS 0 and QoS 1.