How to deny writing on specific topic for anonymous users with ACL?

[ahorn42]

Hi,

I want to limit the write access to a specific topic for the anonymous users and allow it only for a known user. Also the anonymous users should be allowed to read and write all other topics.

Can this be archived with ACLs?

I tried the following without success:

# for anonymous users
topic readwrite #
topic read mySensitiveDevice/#

# for user myUserForSensitiveDevices
user myUserForSensitiveDevices
topic readwrite mySensitiveDevice/#

With the config from above the anonymous user can still write on mySensitiveDevice/myData.

I am using mosquitto 2.0.14.

Additionally I would like to add that the documentation at https://mosquitto.org/man/mosquitto-conf-5.html#idm44 could be improved, there isn't explained how different ACLs might overwrite each other (beside that deny overrules the others).

Thanks in advance and best regards!

[DerHerrW]

I try the same without success so far.