DashboardAccess Control
ACL v2 Policy Editor
Write and deploy access control policies using the JSON policy editor
The ACL v2 policy editor in the dashboard provides a Monaco-based JSON editor for writing access control policies.
Opening the Editor
- Navigate to Dashboard → Access Control
- If this is your first time, you'll see the Setup Wizard - choose a preset or start with a blank policy
- If you already have a policy, the editor opens directly
Editor Features
- Monaco editor with JSON syntax highlighting and validation
- Validation bar at the bottom showing: Valid/Invalid status, global rule count, per-rule counts, publisher counts, and available bindings
- Deploy button to push changes live (appears when you edit the policy)
- Discard button to revert unsaved changes
Policy Structure
A policy document is JSON with these sections:
{
"rules": [
{
"user": "sensor-*",
"topic": "data/{username}/#",
"permission": "publish"
},
{
"user": "*",
"topic": "notifications/#",
"permission": "subscribe"
}
]
}Rule Fields
| Field | Description |
|---|---|
user | Username pattern to match (* for all, sensor-* for prefix match) |
topic | Topic pattern with optional variables like {username} |
permission | publish, subscribe, or both |
Available Bindings
The editor shows available binding variables you can use in topic patterns:
{username}- the connecting client's username{client_id}- the client's MQTT client ID{org_short_id}- the organization identifier
Deploying a Policy
- Edit the policy in the editor
- The validation bar shows if the policy is valid
- Click Deploy to push changes live
- Changes take effect immediately for new connections
Deploying a policy affects all new connections and subscription/publish attempts immediately. Use the Simulator to test before deploying.
Rule Toggles
Below the editor, you can toggle:
- Exclusive subscriptions - clients can only subscribe to topics explicitly allowed
- Require access grants - require per-user access grants in addition to policy rules