Access Manager for PubNub Chat Components for React
Migrate to Chat SDK
PubNub will stop supporting Chat Components on January 1, 2025 but you are welcome to contribute. Learn how to migrate to the Chat SDK here.
Access Manager allows you to enforce security controls for client access to resources within the PubNub network. Your servers can grant their clients access to individual PubNub resources (channels, channel groups, and User ID metadata) for a limited duration, with the ability to renew access or add permissions for additional resources.
User ID / UUID
User ID is also referred to as UUID/uuid in some APIs and server responses but holds the value of the userId parameter you set during initialization.
With Access Manager enabled, your clients must have permissions to send requests to PubNub. You can grant access to your clients from a secure server using the secretKey. These grants allow you to granularly manage the resources available to each client. For instance, you can make a one-to-one chat room private by only allowing the two users in that chat room to have read and write permissions on the chat room channel. Alternatively, you can make a channel public by allowing all users to have access to it.
For more information, refer to the Access Manager feature description.
Access Manager handling in components
PubNub Chat Components as a purely client-side React components library does not do anything specific to handle Access Manager internally. Once it is enabled on the PubNub keyset, the developer is expected to write custom code that would handle granting, just as if the app was written from scratch.
You can expect the operations listed below to be executed internally by the components. To work properly, all of them should be granted access to the User ID passed to the PubNub instance.
Operations to permissions mapping
The following tables show the mappings of API operations to resources and permissions.
Pub/Sub
| PubNub Operation | Resource | Permission |
|---|---|---|
| Publish on channel | Channel | Write |
| Signal on channel | Channel | Write |
| Subscribe to channel | Channel | Read |
| Subscribe to presence channel | Presence Channel (-pnpres) | Read |
| Subscribe to channel group | Channel Group | Read |
| Subscribe to presence channel group | Presence Channel Group (-pnpres) | Read |
| Unsubscribe from channel | Channel | None required |
| Unsubscribe from channel group | Channel Group | None required |
Presence
| PubNub Operation | Resource | Permission |
|---|---|---|
| Here Now | Channel | Read |
| Where Now | Channel | none required |
| Get State | Channel | Read |
| Set State | Channel | Read |
Message Persistence
| PubNub Operation | Resource | Permission |
|---|---|---|
| History - Fetch Messages | Channel | Read |
| Message Counts | Channel | Read |
| Delete Messages | Channel | Delete |
File Sharing
| PubNub Operation | Resource | Permission |
|---|---|---|
| Send file on channel | Channel | Write |
| List files | Channel | Read |
| Download file | Channel | Read |
| Delete file | Channel | Delete |
Channel Groups
| PubNub Operation | Resource | Permission |
|---|---|---|
| Add Channels to channel group | Channel Group | Manage |
| Remove Channels from channel group | Channel Group | Manage |
| List Channels in channel group | Channel Group | Manage |
| Remove channel group | Channel Group | Manage |
App Context
| PubNub Operation | Resource | Permission |
|---|---|---|
| Set user metadata | User ID | Update |
| Delete user metadata | User ID | Delete |
| Get user metadata | User ID | Get |
| Get all user metadata | User ID | Managed by the Disallow Get All User Metadata option in the App Context configuration on the Admin Portal.When this option is unchecked, and Access Manager is enabled in an app, you can get metadata of all users without the need to define that in the permissions schema included in the authentication token. |
| Set channel metadata | Channel | Update |
| Delete channel metadata | Channel | Delete |
| Get channel metadata | Channel | Get |
| Get all channel metadata | Channel | Managed by the Disallow Get All Channel Metadata option in the App Context configuration on the Admin Portal.When this option is unchecked, and Access Manager is enabled in an app, you can get metadata of all channels without the need to define that in the permissions schema included in the authentication token. |
| Set channel members | Channel | Manage |
| Remove channel members | Channel | Delete |
| Get channel members | Channel | Get |
| Set channel memberships | Channel, User ID | Channels: Join User ID: Update |
| Remove channel memberships | Channel, User ID | Channels: Join User ID: Update |
| Get channel memberships | User ID | Get |
Mobile Push Notifications
| PubNub Operation | Resource | Permission |
|---|---|---|
| Register channel for push | Channel | Read |
| Remove channel's push registration | Channel | Read |
Message Reactions
| PubNub Operation | Resource | Permission |
|---|---|---|
| Add Message Action | Channel | Write |
| Remove Message Action | Channel | Delete |
| Get Message Actions | Channel | Read |
| Get History with Actions | Channel | Read |