Access Manager for PubNub Chat Components for React

Migrate to Chat SDK

PubNub will stop supporting Chat Components on January 1, 2025 but you are welcome to contribute. Learn how to migrate to the Chat SDK here.

Access Manager allows you to enforce security controls for client access to resources within the PubNub network. Your servers can grant their clients access to individual PubNub resources (channels, channel groups, and User ID metadata) for a limited duration, with the ability to renew access or add permissions for additional resources.

User ID / UUID

User ID is also referred to as UUID/uuid in some APIs and server responses but holds the value of the userId parameter you set during initialization.

With Access Manager enabled, your clients must have permissions to send requests to PubNub. You can grant access to your clients from a secure server using the secretKey. These grants allow you to granularly manage the resources available to each client. For instance, you can make a one-to-one chat room private by only allowing the two users in that chat room to have read and write permissions on the chat room channel. Alternatively, you can make a channel public by allowing all users to have access to it.

For more information, refer to the Access Manager feature description.

Access Manager handling in components

PubNub Chat Components as a purely client-side React components library does not do anything specific to handle Access Manager internally. Once it is enabled on the PubNub keyset, the developer is expected to write custom code that would handle granting, just as if the app was written from scratch.

You can expect the operations listed below to be executed internally by the components. To work properly, all of them should be granted access to the User ID passed to the PubNub instance.

Operations to permissions mapping

The following tables show the mappings of API operations to resources and permissions.

Pub/Sub

PubNub OperationResourcePermission
Publish on channelChannelWrite
Signal on channelChannelWrite
Subscribe to channelChannelRead
Subscribe to presence channelPresence Channel (-pnpres)Read
Subscribe to channel groupChannel GroupRead
Subscribe to presence channel groupPresence Channel Group (-pnpres)Read
Unsubscribe from channelChannelNone required
Unsubscribe from channel groupChannel GroupNone required

Presence

PubNub OperationResourcePermission
Here NowChannelRead
Where NowChannelnone required
Get StateChannelRead
Set StateChannelRead

Message Persistence

PubNub OperationResourcePermission
History - Fetch MessagesChannelRead
Message CountsChannelRead
Delete MessagesChannelDelete

File Sharing

PubNub OperationResourcePermission
Send file on channelChannelWrite
List filesChannelRead
Download fileChannelRead
Delete fileChannelDelete

Channel Groups

PubNub OperationResourcePermission
Add Channels to channel groupChannel GroupManage
Remove Channels from channel groupChannel GroupManage
List Channels in channel groupChannel GroupManage
Remove channel groupChannel GroupManage

App Context

PubNub OperationResourcePermission
Set user metadataUser IDUpdate
Delete user metadataUser IDDelete
Get user metadataUser IDGet
Get all user metadataUser IDManaged by the Disallow Get All User Metadata option in the App Context configuration on the Admin Portal.

When this option is unchecked, and Access Manager is enabled in an app, you can get metadata of all users without the need to define that in the permissions schema included in the authentication token.
Set channel metadataChannelUpdate
Delete channel metadataChannelDelete
Get channel metadataChannelGet
Get all channel metadataChannelManaged by the Disallow Get All Channel Metadata option in the App Context configuration on the Admin Portal.

When this option is unchecked, and Access Manager is enabled in an app, you can get metadata of all channels without the need to define that in the permissions schema included in the authentication token.
Set channel membersChannelManage
Remove channel membersChannelDelete
Get channel membersChannelGet
Set channel membershipsChannel, User IDChannels: Join
User ID: Update
Remove channel membershipsChannel, User IDChannels: Join
User ID: Update
Get channel membershipsUser IDGet

Mobile Push Notifications

PubNub OperationResourcePermission
Register channel for pushChannelRead
Remove channel's push registrationChannelRead

Message Reactions

PubNub OperationResourcePermission
Add Message ReactionChannelWrite
Remove Message ReactionChannelDelete
Get Message ReactionsChannelRead
Get History with ReactionsChannelRead
Last updated on