USER IS / USER HAS Functional Keywords

Feature   | Since Version | Notes
USER IS   | >v1.4.6       | Checks user identity in Rules
USER HAS  | >v1.4.6       | Checks user properties/roles in Rules
HAS GROUP | >v1.4.4       | Check user group membership

Overview

  • Description: These keywords are used within the condition part (IF <condition>) of a DEFINE RULE statement to check attributes of the user attempting the operation.
    • USER IS: Checks if the user's username exactly matches the specified string.
    • USER HAS: Checks if the user object possesses a specific property or belongs to a role/group (the exact interpretation of properties/roles depends on the broker's user management system).

Signature

  • Syntax:
    USER IS "<username>"
    
    USER HAS <propertyNameOrRole>
    

Parameters

  • "<username>": A string literal representing the exact username to check against.
  • <propertyNameOrRole>: An identifier (usually treated as a string internally) representing a property, role, or group associated with the user.

Usage Examples

Used within DEFINE RULE IF conditions.

Basic Example: Check Specific User

DEFINE RULE AllowSpecificUserPublish WITH PRIORITY 1 FOR Publish TO TOPIC "devices/control"
    IF USER IS "device_controller_01" THEN
        ALLOW
    ELSE
        DENY
    ENDIF

Intermediate Example: Check Role

DEFINE RULE AllowAdminsSystemTopics WITH PRIORITY 2 FOR Subscribe TO TOPIC "$SYS/#"
    IF USER HAS AdminRole THEN
        ALLOW
    ELSE
        DENY
    ENDIF

Advanced Example: Combining Checks with OR

DEFINE RULE AllowOperatorOrManager WITH PRIORITY 3 FOR AssetManagementStart
    IF USER HAS OperatorRole OR USER HAS ManagerRole THEN
        ALLOW
    ELSE
        DENY
    ENDIF

Advanced Example: Combining Checks with AND

DEFINE RULE AllowSpecificDepartmentAdmin WITH PRIORITY 4 FOR UserManagementCreation
    IF USER IS "dept_admin" AND USER HAS FinanceDepartment THEN
        ALLOW
    ELSE
        DENY
    ENDIF

Notes & Additional Information

  • These keywords are essential for implementing fine-grained access control.
  • The exact available properties/roles for USER HAS depend on how users are configured in the Coreflux MQTT Broker.
  • Often used with logical operators AND and OR to create complex conditions.
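
To check which accounts a condition admits before a rule is deployed, the semantics described above can be modelled offline. This is an added example, not Coreflux code: the function names and sample users are constructed, USER IS is assumed to be a case-sensitive comparison, USER HAS is modelled as set membership, and mixed AND/OR chains are rejected because this page does not state operator precedence.

```python
import re

# One check: USER IS "<username>" or USER HAS <propertyNameOrRole>
_CHECK = re.compile(r'USER\s+(?:IS\s+"([^"]*)"|HAS\s+([A-Za-z_]\w*))\s*')
_JOIN = re.compile(r'(AND|OR)\s+')

def parse_condition(text):
    """Parse a chain of checks; return (operator, checks), operator may be None."""
    text, pos, checks, ops = text.strip(), 0, [], set()
    while True:
        m = _CHECK.match(text, pos)
        if not m:
            raise ValueError(f"expected USER IS / USER HAS at offset {pos}")
        is_name, has_name = m.groups()
        checks.append(("IS", is_name) if is_name is not None else ("HAS", has_name))
        pos = m.end()
        if pos == len(text):
            break
        j = _JOIN.match(text, pos)
        if not j:
            raise ValueError(f"expected AND / OR at offset {pos}")
        ops.add(j.group(1))
        pos = j.end()
    if len(ops) > 1:
        # The page shows only all-AND or all-OR chains and gives no precedence.
        raise ValueError("mixed AND/OR is not modelled")
    return (ops.pop() if ops else None), checks

def allows(condition, username, roles):
    """True when the condition holds, i.e. the rule would take its THEN branch."""
    op, checks = parse_condition(condition)
    # Assumptions: USER IS is a case-sensitive equality, USER HAS is membership.
    results = [(v == username) if kind == "IS" else (v in roles) for kind, v in checks]
    return any(results) if op == "OR" else all(results)

def audit(condition, users):
    """Sorted usernames from `users` that the condition admits."""
    return sorted(name for name, roles in users.items() if allows(condition, name, roles))

# Constructed sample accounts (not from the page): username -> roles/properties
USERS = {
    "dept_admin": {"FinanceDepartment"},
    "Dept_Admin": {"FinanceDepartment"},
    "alice": {"OperatorRole"},
    "bob": {"ManagerRole", "FinanceDepartment"},
}

if __name__ == "__main__":
    print(audit('USER IS "dept_admin" AND USER HAS FinanceDepartment', USERS))
```

Running `audit` over an export of the broker's real users shows how much wider a lone USER HAS check is than one that also pins the username with USER IS.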