Topic Access Control

A topic is a channel used for Push to User notifications. It acts as a channel to deliver push notifications.

A topic can be in the application scope, group scope, user scope, or thing scope. As with buckets, the default permissions applied to a topic are determined by its scope.

The table below indicates the default ACL entries set at topic creation. You can customize topic ACLs with the ACL modification feature of the client SDKs and REST APIs.

Default permissions

Topics have the following permissions by default. The rightmost "Modify ACL" column indicates the users who can update the ACL. Note that you cannot change the users who can modify the ACL.

Scope Subscribe to the topic
(SUBSCRIBE_TO_TOPIC)
Send push messages to the topic
(SEND_MESSAGE_TO_TOPIC)
Modify ACL
Application - Any authenticated users
- Anonymous users
- Topic creator - Topic creator
Group - Group members
- Group owner
- Topic creator
- Group members
- Group owner
- Topic creator
- Group owner
- Topic creator
User - Scope owner
- Topic creator
- Scope owner
- Topic creator
- Scope owner
- Topic creator
Thing - Thing
- Thing owner
- Topic creator
- Thing
- Thing owner
- Topic creator
- Thing
- Thing owner
- Topic creator

Here is a brief summary of topic permissions applied in each scope:

  • In the application scope, everyone can subscribe to the topic. Only the topic creator (usually the app administrator) can send push messages to the topic.
  • In the group scope, the members of the group and topic creator can subscribe and send push messages to the topic.
  • In the user scope, the scope owner and topic creator can subscribe and send push messages to the topic.
  • In the thing scope, the thing, its owner, and the topic creator can subscribe and send push messages to the topic.

Additionally, note the following considerations:

  • For the definitions of authenticated and anonymous users, see Subject.
  • You can customize a permission to create a topic by updating a scope's ACL. For more information about setting a scope's ACL, see Scope Access Control.