Access Manager allows you to enforce security controls for client access to resources within the PubNub network. Your servers can grant their clients access to individual PubNub resources (channels, channel groups, and User ID metadata) for a limited duration, with the ability to renew access or add permissions for additional resources.
User ID / UUID
User ID is also referred to as
uuid in some APIs and server responses but holds the value of the
userId parameter you set during initialization.
With Access Manager enabled, your clients must have permissions to send requests to PubNub. You can grant access to your clients from a secure server using the secretKey. These grants allow you to granularly manage the resources available to each client. For instance, you can make a one-to-one chat room private by only allowing the two users in that chat room to have read and write permissions on the chat room channel. Alternatively, you can make a channel public by allowing all users to have access to it.
For more information, refer to the Access Manager feature description.
Access Manager handling in components
PubNub Chat Components as a purely client-side React components library does not do anything specific to handle Access Manager internally. Once it is enabled on the PubNub keyset, the developer is expected to write custom code that would handle granting, just as if the app was written from scratch.
You can expect the operations listed below to be executed internally by the components. To work properly, all of them should be granted access to the User ID passed to the PubNub instance.
Operations to permissions mapping
The following tables show the mappings of API operations to resources and permissions.
|Publish on channel||Channel||Write|
|Signal on channel||Channel||Write|
|Subscribe to channel||Channel||Read|
|Subscribe to presence channel||Presence Channel (||Read|
|Subscribe to channel group||Channel Group||Read|
|Subscribe to presence channel group||Presence Channel Group (||Read|
|Unsubscribe from channel||Channel||None required|
|Unsubscribe from channel group||Channel Group||None required|
|Where Now||Channel||none required|
|History - Fetch Messages||Channel||Read|
|Send file on channel||Channel||Write|
|Add Channels to channel group||Channel Group||Manage|
|Remove Channels from channel group||Channel Group||Manage|
|List Channels in channel group||Channel Group||Manage|
|Remove channel group||Channel Group||Manage|
|Set user metadata||User ID||Update|
|Delete user metadata||User ID||Delete|
|Get user metadata||User ID||Get|
|Get all user metadata||User ID||Managed by a flag on the settings page.|
|Set channel metadata||Channel||Update|
|Delete channel metadata||Channel||Delete|
|Get channel metadata||Channel||Get|
|Get all channel metadata||Channel||Managed by a flag on the settings page.|
|Set channel members||Channel||Manage|
|Remove channel members||Channel||Delete|
|Get channel members||Channel||Get|
|Set channel memberships||Channel, User ID||Channels: Join|
User ID: Update
|Remove channel memberships||Channel, User ID||Channels: Join|
User ID: Update
|Get channel memberships||User ID||Get|
Mobile Push Notifications
|Register channel for push||Channel||Read|
|Remove channel's push registration||Channel||Read|
|Add Message Action||Channel||Write|
|Remove Message Action||Channel||Delete|
|Get Message Actions||Channel||Read|
|Get History with Actions||Channel||Read|