Client groups play a critical role in Broker security. After you configure Broker SSL authentication (see Managing Broker Security), you can define Access Control Lists (ACLs) for a client group. ACLs are lists of SSL distinguished names (DNs) or basic authentication aliases that restrict access to a Broker object (see Access Control Lists). When configured for a client group, ACLs specify the clients that have permission to join.

You can use client group ACLs to restrict which clients have permission to access a Broker document type. For more information, see Client Group ACLs.

You can also use client groups to specify whether a client needs an access label to join. Access labels secure individual messages based on access privilege level, and are an advanced security feature of Broker. For more information, see Using Access Labels.