Securing Your Broker

Rules define who can do what in your Coreflux broker. They control access to system operations, topic publishing/subscribing, and administrative functions—ensuring only authorized users can perform sensitive actions.
Think of Rules like a security guard at a building entrance. The guard checks your badge (permissions) and decides if you’re allowed through the door (the operation). Rules do the same for every broker operation.

When to Use Rules

Rules are essential when you need to:

| Scenario | Rule Type |
| --- | --- |
| Restrict who can create/delete users | User Management Rules |
| Control who deploys Actions, Models, Routes | Entity Management Rules |
| Limit access to system configuration | System Configuration Rules |
| Secure MQTT topic access | Publish/Subscribe Rules |
| Protect administrative $SYS topics | System Topic Rules |

In This Section

  • Rules Syntax — Complete reference for conditions, scopes, and patterns

How to Deploy a Rule

Rules can be deployed in two ways: through a LoT Notebook (recommended) or via MQTT commands.
The easiest way to manage rules is through a LoT Notebook. Just write your rule definition in a code cell and run it—the extension automatically detects DEFINE RULE and sends the proper command to the broker.
DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation
    IF USER IS "root" OR USER IS "admin" THEN
        ALLOW
    ELSE
        DENY
Click the Run button. The notebook recognizes the LoT code and deploys it instantly.
This approach is ideal for:
  • Developing and testing rules interactively
  • Documenting your security configuration alongside the code
  • Sharing rule sets with your team as .lotnb files

Removing Rules

Remove a rule by name using the -removeRule command. Publish to $SYS/Coreflux/Command:
-removeRule AllowActionCreation
You can also use the Coreflux Entities panel in VS Code to view and remove deployed rules.

Updating Rules

To update an existing rule, deploy a new rule with the same name. The new definition replaces the existing one.
-- Original rule (priority 1)
DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation
    IF USER IS "root" THEN
        ALLOW
    ELSE
        DENY

-- Updated rule (same name, now includes admin)
DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation
    IF USER IS "root" OR USER IS "admin" THEN
        ALLOW
    ELSE
        DENY
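
Because a redeploy under an existing name replaces the rule, it can widen access without any new rule appearing. The following Python check is an added example, not Coreflux code: it parses rule text in the shape shown on this page, applies the same-name replacement, and compares allowed users with a reviewer-supplied allow-list (`approved` and the function names are assumptions of the example).

```python
import re

# Covers only the rule shape shown on this page; other conditions go to manual review.
RULE_RE = re.compile(
    r'DEFINE\s+RULE\s+(?P<name>\w+)\s+WITH\s+PRIORITY\s+(?P<priority>\d+)\s+'
    r'FOR\s+(?P<scope>\w+)\s+IF\s+(?P<cond>.+?)\s+THEN\s+(?P<then>ALLOW|DENY)\s+'
    r'ELSE\s+(?P<other>ALLOW|DENY)\b', re.DOTALL)
USER_RE = re.compile(r'USER\s+IS\s+"([^"]+)"')

def parse_rules(text):
    """Return {name: rule}; a later definition with the same name replaces the earlier."""
    text = re.sub(r'(?m)^\s*--.*$', '', text)  # drop '--' comment lines
    rules = {}
    for m in RULE_RE.finditer(text):
        leftover = re.sub(r'\bOR\b|\s', '', USER_RE.sub('', m['cond']))
        rules[m['name']] = {
            'priority': int(m['priority']), 'scope': m['scope'],
            'users': USER_RE.findall(m['cond']), 'simple': leftover == '',
            'then': m['then'], 'else': m['other']}
    return rules

def audit(rules, approved):
    """approved (hypothetical policy input) maps scope -> users who may be allowed."""
    findings = []
    for name, r in sorted(rules.items()):
        if not r['simple']:
            findings.append((name, 'condition needs manual review'))
            continue
        if r['else'] == 'ALLOW':
            findings.append((name, 'fallback branch is ALLOW'))
        extra = set(r['users']) - approved.get(r['scope'], set())
        if r['then'] == 'ALLOW' and extra:
            findings.append((name, 'unapproved users: ' + ', '.join(sorted(extra))))
    return findings

SAMPLE = '''-- Constructed input: the two definitions from "Updating Rules", in order
DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation
    IF USER IS "root" THEN
        ALLOW
    ELSE
        DENY
-- Updated rule (same name, now includes admin)
DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation
    IF USER IS "root" OR USER IS "admin" THEN
        ALLOW
    ELSE
        DENY
'''
print(audit(parse_rules(SAMPLE), {'ActionManagementCreation': {'root'}}))
```

With only root approved for ActionManagementCreation, the sample reports admin as an unapproved user. Text that does not match the rule shape on this page is skipped, so compare the parsed rule count with the number of DEFINE RULE statements.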

Viewing Active Rules

To see all deployed rules, subscribe to the rules system topic:
SUBSCRIBE "$SYS/Coreflux/Rules/#"
Or use the Coreflux Entities panel in VS Code if you have the LoT Notebooks extension installed.

Default Rules Reference

Coreflux includes default rules that provide a secure starting configuration:
| Default Behavior | Description |
| --- | --- |
| Root access | The root user has full access to all operations |
| Management permissions | Management operations require appropriate permission tags |
| Open topics | Standard topic publish/subscribe is open for all users |
| Protected $SYS | System topics are restricted to authorized users |

Default rules establish a baseline security posture. Add custom rules to extend or override this behavior for your specific requirements.
