SystemAuthentication.store
The SystemAuthentication.store file defines the roles that are assigned by the system authentication handler to client sessions that have authenticated with a specific security principal. It also defines whether anonymous connections are allowed or denied.
The following sections each describe the syntax for a single line of the file.
Adding a principal

add principal "user6" "passw0rd" add principal "user13" "passw0rd" ["CLIENT" "TOPIC_CONTROL"]
The password is passed in as plain text, but is stored in the system authentication store as a secure hash.
Removing a principal

remove principal "user25"
Assigning roles to a principal

assign roles "agent77" ["CLIENT", "CLIENT_CONTROL"]
When you use this command to assign roles to a principal, it overwrites any existing roles assigned to that principal. Ensure that all the roles you want the principal to have are listed in the command.
Setting the password for a principal

set password "user1" "passw0rd"
The password is passed in as plain text, but is stored in the system authentication store as a secure hash.
Verifying the password for a principal

verify password "user1" "passw0rd"
The password is passed in as plain text, but is stored in the system authentication store as a secure hash.
Allowing anonymous connections

allow anonymous connections [ "CLIENT" ]
Denying anonymous connections

deny anonymous connections
Abstaining from providing a decision about anonymous connections

abstain anonymous connections