articles/event-grid/mqtt-client-authorization-use-rbac.md
Lines changed: 3 additions & 5 deletions
@@ -8,13 +8,12 @@ ms.author: veyaddan
8
8
---
9
9
10
10
# Authorizing access to publish or subscribe to MQTT messages in Event Grid namespace
11
-
You can use Azure role-based access control (Azure RBAC) to enable MQTT clients, with Azure Active Directory (AAD) identity, to publish or subscribe access to specific topic spaces.
11
+
You can use Azure role-based access control (Azure RBAC) to enable MQTT clients, with Azure Active Directory identity, to publish or subscribe access to specific topic spaces.
12
12
13
13
## Prerequisites
14
14
- You need an Event Grid namespace with MQTT enabled. [Learn about creating Event Grid namespace](/azure/event-grid/create-view-manage-namespaces#create-a-namespace)
15
15
- Review the process to [create a custom role](/azure/role-based-access-control/custom-roles-portal)
16
16
17
-
18
17
## Operation types
19
18
You can use following two data actions to provide publish or subscribe permissions to clients with Azure AD identities on specific topic spaces.
> Currently, we recommend using custom roles with the actions provided. Built-in roles for publish and subscribe will be available in future.
27
+
> Currently, we recommend using custom roles with the actions provided.
29
28
30
29
## Custom roles
31
30
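Review bot: The reworded introduction (new line 11) still does not parse: "to enable MQTT clients, with Azure Active Directory identity, to publish or subscribe access to specific topic spaces" mixes "enable ... to publish" with "subscribe access". Since the line is already being touched, consider "to grant MQTT clients that have an Azure Active Directory identity publish or subscribe access to specific topic spaces". Dropping "(AAD)" here also means the short form "Azure AD identities" in the unchanged Operation types sentence is never introduced, so spell it out there as well or keep one defined abbreviation; that same sentence is missing an article ("use following two data actions").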
@@ -85,15 +84,14 @@ The following are sample role definitions that allow you to publish and subscrib
85
84
1. Switch the Baseline permissions to **Start from scratch**
86
85
1. On the Permissions tab, select **Add permissions**
87
86
1. In the selection page, find and select Microsoft Event Grid
88
-
:::image type="content" source="./media/mqtt-rbac-authorization-aad-clients/event-grid-custom-role-permissions.png" alt-text="Screenshot showing the Microsoft Event Grid option to find the permissions.":::
87
+
:::image type="content" source="./media/mqtt-rbac-authorization-aad-clients/event-grid-custom-role-permissions.png" lightbox="./media/mqtt-rbac-authorization-aad-clients/event-grid-custom-role-permissions.png" alt-text="Screenshot showing the Microsoft Event Grid option to find the permissions.":::
89
88
1. Navigate to Data Actions
90
89
1. Select **Topic spaces publish** data action and select **Add**
91
90
:::image type="content" source="./media/mqtt-rbac-authorization-aad-clients/event-grid-custom-role-permissions-data-actions.png" lightbox="./media/mqtt-rbac-authorization-aad-clients/event-grid-custom-role-permissions-data-actions.png" alt-text="Screenshot showing the data action selection.":::
92
91
1. Select Next to see the topic space in the Assignable scopes tab. You can add other assignable scopes if needed.
93
92
1. Select **Create** in Review + create tab to create the custom role.
94
93
1. Once the custom role is created, you can assign the role to an identity to provide the publish permission on the topic space. You can learn how to assign roles [here](/azure/role-based-access-control/role-assignments-portal).
95
94
96
-
97
95
> [!NOTE]
98
96
> You can follow similar steps to create and assign a custom Event Grid MQTT subscriber permission to a topic space.
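Review bot: The unchanged step "Select Next to see the topic space in the Assignable scopes tab. You can add other assignable scopes if needed." does not say what adding a scope does to the role's reach. Because this role carries the **Topic spaces publish** data action, it is worth stating that each added assignable scope widens where the role can be assigned, and recommending that it stay limited to the topic space the client needs. The lightbox attribute added to the first image matches the syntax already used on the second image, so that part looks consistent. The link text "here" in the final step could be replaced with descriptive text that names the target article.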