emqx4.3/changes/ee/feat-11766.en.md

Implemented a preliminary Role-Based Access Control for the REST API.

In this version, there are three predefined roles:

• Administrator: This role could access all resources.

• Viewer: This role can only view resources and data, corresponding to all GET requests in the REST API.

• Publisher: This role is special for MQTT messages publish, it can only access publish-related endpoints.