Skip to content

Discussion: Default MQTT Node Permissions #22

New issue
New issue
Open
Open
Discussion: Default MQTT Node Permissions#22
Labels
taskA piece of work that isn't necessarily tied to a specific Epic or Story.
@joepavitt

Description

@joepavitt
joepavitt
opened on Sep 12, 2025

Description

Current Status

By default, all new clients are given the following access on the FlowFuse Broker.

  • subcribe: #
  • publish: none

User's can then override these permissions using the "Clients" view in the FlowFuse UI, which is linked to directly from the MQTT Nodes config panel.

Friction

  • The most common use case here is likely that a user is rolling out MQTT nodes to hundreds/thousands of Remote Instances, which will generally be publishing rather than subscribing.
  • User would currently have to manually set those permissions for each client created for the respective Instance.
  • If the user has deployed the node, and then wants to add publish permissions, they will get caught in the 5 minute permissions caching that we have in place. An issue that was hit in the recent Developer Demo

Discussion Point

  • What is a more appropriate default?
  • What do we need to be more protective of for the Broker - publishing or subscribing?

Default Config Options

I see no option for us to be opinionated on a particular topic by default, so I see our options as the following three:

Option 1 (current state)
  • subscribe: #
  • publish: none
Option 2
  • subscribe: #
  • publish: #
Option 3
  • subscribe: none
  • publish: #

Epic/Story

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    taskA piece of work that isn't necessarily tied to a specific Epic or Story.

    Type

    No type

    Projects

    ☁️ Product Planning

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions