I am using RabbitMQ MQTT and I would like only to allow one user to publish to topics, and all other users to only subscribe. I understand that running
rabbitmqctl set_permissions -p 'vhost' 'username' '.*' '.*' '.*'
will give the user permission to do anything on the vhost. How do I use the rabbitmqctl set_permissions to allow the user to only subscribe to MQTT topics?
The rabbitmqctl set_permissions structure is:
rabbitmqctl set_permissions [-p <vhostpath>] <user> <configure> <write> <read>
So following your request, you would use the set_permissions command with blank regular expressions for configure and write permissions and .* for read permissions, like:
rabbitmqctl set_permissions -p your_vhost your_user "" "" ".*"
UPD: Subscribing to a topic results in the MQTT plugin creating a queue and a binding, which requires configure and write permissions in that case, so you can limit access to certain queues and exchange patterns kinda like this:
rabbitmqctl set_permissions -p your_vhost your_user "^mqtt-subscription-.*$" "^mqtt-subscription-.*$" ".*"
allowing the user to configure and write only to the specific queues that the MQTT plugin would create, and read from all queues.
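Why the updated pattern yields a subscribe-only user, as an added example that is not part of the original answer: a small Python model of RabbitMQ's regex permission check applied to the three permission sets above. It assumes the MQTT plugin's default exchange amq.topic and the mqtt-subscription-<client_id>qos<N> queue naming; the client id is constructed.

```python
import re

# Assumptions (not from the original answer): the MQTT plugin publishes through
# its default exchange amq.topic and names subscription queues
# mqtt-subscription-<client_id>qos<N>; the client id "sensor1" is constructed.
EXCHANGE = "amq.topic"
QUEUE = "mqtt-subscription-sensor1qos1"

# Permission each AMQP operation behind an MQTT action needs, as (kind, resource).
REQUIRED = {
    "publish": [("write", EXCHANGE)],        # basic.publish
    "subscribe": [
        ("configure", QUEUE),                # queue.declare
        ("write", QUEUE),                    # queue.bind: write on the queue
        ("read", EXCHANGE),                  # queue.bind: read on the exchange
        ("read", QUEUE),                     # basic.consume
    ],
}

# The three permission sets that appear in the question and the answer.
GRANTS = {
    "full": {"configure": ".*", "write": ".*", "read": ".*"},
    "read_only": {"configure": "", "write": "", "read": ".*"},
    "subscriber": {
        "configure": "^mqtt-subscription-.*$",
        "write": "^mqtt-subscription-.*$",
        "read": ".*",
    },
}

def matches(pattern: str, name: str) -> bool:
    """RabbitMQ treats '' as '^$' and does not anchor patterns itself."""
    return re.search(pattern or "^$", name) is not None

def allowed(grant: str, action: str) -> bool:
    """True if every operation behind the MQTT action passes its regex."""
    perms = GRANTS[grant]
    return all(matches(perms[kind], name) for kind, name in REQUIRED[action])

def report() -> dict:
    """Publish/subscribe verdict for each permission set."""
    return {g: {a: allowed(g, a) for a in REQUIRED} for g in GRANTS}

if __name__ == "__main__":
    for grant, result in report().items():
        print(f"{grant:10} publish={result['publish']} subscribe={result['subscribe']}")
```

In this model the subscriber's read pattern only has to match amq.topic and its own mqtt-subscription- queue, so ".*" for read is broader than the subscribe path needs.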