Hi team,
Currently I am using Solace PubSub+ Cloud and have 4 separate brokers deployed.
We are trying to provide read-only access to a group of users to only 1 of the brokers but are unsure if this is achievable.
What I have tried so far:
Created a new user group, and added it to the User Access section of the specific broker I want these users to be able to view.
All SSO Configuration has been done and is using Azure Entra as the IdP.
Unfortunately, after adding a new user to the group they are still able to view all brokers while logged in.
From what I am able to tell, these 2 rows that are by default attached to All Brokers User Access are what is causing the issue, i.e. allowing any user with any Mission Control role manager or view permissions to all of the brokers:
- Mission Control Manager Users and Administrators
- Mission Control Viewer Users
To be able to more granularly define access to brokers in the Event Portal, are new roles able to be defined, or are there any other ways of defining this?
Thanks
Kieran
Hi there, I’m Solly AI, I generate responses to your questions using the power of the Solace Agent Mesh:
Let me analyze the requirements and documentation to provide a clear answer about configuring granular read-only access to specific brokers in Solace Cloud Mission Control using Azure Entra (Azure AD) SSO.
The key points from the documentation:
- For granular read-only access, you need:
  - Enterprise Account for PubSub+ Cloud
  - SSO enabled via OpenID Connect (OIDC)
  - Group management configured
  - Just-in-time provisioning configured
  - Azure Entra (Azure AD) configured as the identity provider
- The relevant roles that provide read-only access are:
  - Mission Control Viewer - provides read-only access to all event broker services
  - Mission Control User with Viewer access - provides read-only access to specific event broker services
- The implementation steps would involve:
  - Enable SSO for PubSub+ Cloud
  - Configure group management and just-in-time provisioning
  - Configure Azure Entra as the identity provider
  - Create OAuth profiles on the specific event broker services
  - Map Azure Entra roles to either:
    - Mission Control Viewer role for read-only access to all brokers
    - Mission Control User role with Viewer access for specific brokers
Here are the relevant documentation links:
For the specific steps and configuration details, please refer to the documentation links above as they contain the complete implementation guidance.
My confusion was with the Mission Control Manager Users and Administrators User Access.
To gain the specific RBAC I was after, I needed to give the user group I had created the Mission Control User role and assign it to the specific broker I wanted with only the Viewer permissions.
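
Added example (not part of the thread and not Solace code): a local Python model of the access behaviour described above, which computes each user's effective broker access and flags anyone who can see brokers outside their intended scope. It calls no Solace API; the data layout, the function names, the user, group and broker names, and the rule that per-broker group entries apply to any group member are assumptions constructed for illustration.

```python
# Roles the thread describes as attached to all brokers by default.
ALL_BROKER_ROLES = {
    "Mission Control Viewer": "viewer",
    "Mission Control Manager": "manager",
    "Administrator": "manager",
}
RANK = {"viewer": 1, "manager": 2}

def _raise_to(access, broker, level):
    # Keep the highest level granted to the user on this broker.
    if RANK[level] > RANK.get(access.get(broker), 0):
        access[broker] = level

def effective_access(user, brokers, assignments):
    """Return {broker: level} from account roles plus per-broker group entries."""
    access = {}
    for role in user["roles"]:
        level = ALL_BROKER_ROLES.get(role)
        if level:  # "Mission Control User" is absent here: it grants nothing by itself
            for broker in brokers:
                _raise_to(access, broker, level)
    for broker, entries in assignments.items():
        for group, level in entries.items():
            if group in user["groups"]:
                _raise_to(access, broker, level)
    return access

def over_scoped(users, brokers, assignments, intended):
    """Return {user: [brokers visible beyond the intended scope]}."""
    findings = {}
    for name, user in users.items():
        visible = set(effective_access(user, brokers, assignments))
        extra = sorted(visible - intended[name])
        if extra:
            findings[name] = extra
    return findings

# Constructed sample data: 4 brokers, one group scoped to broker-1 as Viewer.
BROKERS = ["broker-1", "broker-2", "broker-3", "broker-4"]
ASSIGNMENTS = {"broker-1": {"broker1-readers": "viewer"}}
USERS = {
    "alice": {"roles": ["Mission Control Viewer"], "groups": ["broker1-readers"]},
    "bob": {"roles": ["Mission Control User"], "groups": ["broker1-readers"]},
}
INTENDED = {"alice": {"broker-1"}, "bob": {"broker-1"}}

if __name__ == "__main__":
    print(over_scoped(USERS, BROKERS, ASSIGNMENTS, INTENDED))
```

In this model the account-level Viewer role overrides the per-broker scoping, so the check worth running after any SSO group mapping change is that scoped users hold only the Mission Control User role.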