diff --git a/apps/emqx_authz/etc/acl.conf b/apps/emqx_authz/etc/acl.conf
index 2948f2af7..a1cfd41d3 100644
--- a/apps/emqx_authz/etc/acl.conf
+++ b/apps/emqx_authz/etc/acl.conf
@@ -3,9 +3,9 @@
 %%
 %% -type(ipaddrs() :: {ipaddrs, string()}).
 %%
-%% -type(username() :: {username, regex()}).
+%% -type(username() :: {user | username, string()} | {user | username, {re, regex()}}).
 %%
-%% -type(clientid() :: {clientid, regex()}).
+%% -type(clientid() :: {client | clientid, string()} | {client | clientid, {re, regex()}}).
 %%
 %% -type(who() :: ipaddr() | ipaddrs() |username() | clientid() |
 %% {'and', [ipaddr() | ipaddrs()| username() | clientid()]} |
@@ -20,7 +20,7 @@
 %%
 %% -type(permission() :: allow | deny).
 %%
-%% -type(rule() :: {permission(), who(), access(), topics()}).
+%% -type(rule() :: {permission(), who(), access(), topics()} | {permission(), all}).
 %%--------------------------------------------------------------------
 {allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
diff --git a/apps/emqx_authz/src/emqx_authz_rule.erl b/apps/emqx_authz/src/emqx_authz_rule.erl
index deb8968c6..5f4dcfcab 100644
--- a/apps/emqx_authz/src/emqx_authz_rule.erl
+++ b/apps/emqx_authz/src/emqx_authz_rule.erl
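Review bot: The example rule kept as context at the end of the second hunk, `{allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.`, still passes a regex as a plain string, which under the new username() type documented just above it (and the compile_who/1 clauses in emqx_authz_rule.erl in this same commit) now means an exact match on the literal username `^dashboard?` rather than a pattern, so the rule silently stops matching `dashboard`. The same applies to any deployed acl.conf written against the old `{username, regex()}` form; a deny rule that quietly stops matching fails open, so the header comment should carry a migration note and the shipped example should read `{allow, {username, {re, "^dashboard?"}}, subscribe, ["$SYS/#"]}.`.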
@@ -32,16 +32,21 @@
 -export_type([rule/0]).
+compile({Permission, all}) when ?ALLOW_DENY(Permission) -> {Permission, all, all, [compile_topic(<<"#">>)]};
 compile({Permission, Who, Action, TopicFilters}) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(TopicFilters) -> {atom(Permission), compile_who(Who), atom(Action), [compile_topic(Topic) || Topic <- TopicFilters]}.
 compile_who(all) -> all;
-compile_who({username, Username}) ->
+compile_who({user, Username}) -> compile_who({username, Username});
+compile_who({username, {re, Username}}) ->
 {ok, MP} = re:compile(bin(Username)), {username, MP};
-compile_who({clientid, Clientid}) ->
+compile_who({username, Username}) -> {username, {eq, bin(Username)}};
+compile_who({client, Clientid}) -> compile_who({clientid, Clientid});
+compile_who({clientid, {re, Clientid}}) ->
 {ok, MP} = re:compile(bin(Clientid)), {clientid, MP};
+compile_who({clientid, Clientid}) -> {clientid, {eq, bin(Clientid)}};
 compile_who({ipaddr, CIDR}) -> {ipaddr, esockd_cidr:parse(CIDR, true)};
 compile_who({ipaddrs, CIDRs}) ->
@@ -102,14 +107,16 @@ match_action(_, all) -> true;
 match_action(_, _) -> false.
 match_who(_, all) -> true;
-match_who(#{username := undefined}, {username, _MP}) ->
+match_who(#{username := undefined}, {username, _}) ->
 false;
-match_who(#{username := Username}, {username, MP}) ->
+match_who(#{username := Username}, {username, {eq, Username}}) -> true;
+match_who(#{username := Username}, {username, {re_pattern, _, _, _, _} = MP}) ->
 case re:run(Username, MP) of {match, _} -> true; _ -> false end;
-match_who(#{clientid := Clientid}, {clientid, MP}) ->
+match_who(#{clientid := Clientid}, {clientid, {eq, Clientid}}) -> true;
+match_who(#{clientid := Clientid}, {clientid, {re_pattern, _, _, _, _} = MP}) ->
 case re:run(Clientid, MP) of {match, _} -> true; _ -> false
diff --git a/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl b/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl
index c38d99cba..3c7e314cd 100644
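Review bot: The new `compile({Permission, all})` clause returns `Permission` as given, while the sibling clause directly below it normalises it with `atom(Permission)`; if `?ALLOW_DENY` admits a non-atom spelling (which the `atom/1` call in the sibling suggests), a rule such as `{<<"deny">>, all}` compiles to a tuple whose first element is not the atom the matcher compares against. Use `{atom(Permission), all, all, [compile_topic(<<"#">>)]};` so both clauses agree. Separately, `compile_who/1` now produces two shapes under the same key, `{username, {eq, Bin}}` and a bare compiled `re:mp()`, which forces the matcher in the next hunk to pattern-match the internal `re_pattern` tuple; emitting `{username, {re, MP}}` (and `{clientid, {re, MP}}`) keeps the compiled form self-describing. The hunk ends inside `compile_who/1`, whose remaining clauses are outside it.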
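Review bot: A bound username that does not equal the `{eq, _}` value falls through every clause visible in this hunk — `{username, {eq, Username}}` matches only on equality and the next clause accepts only a compiled regex — so unless a catch-all `match_who(_, _) -> false` exists below the hunk (not visible here), a non-matching exact-match rule raises `function_clause` inside the authorization check instead of returning false. The clientid clauses have the same gap, and there is still no `#{clientid := undefined}` clause analogous to the username one. Add explicit `match_who(#{username := _}, {username, {eq, _}}) -> false;` and `match_who(#{clientid := _}, {clientid, {eq, _}}) -> false;` clauses after the equality ones. Matching `{re_pattern, _, _, _, _}` also ties this module to the layout of `re:mp()`, which OTP treats as opaque; tagging the compiled pattern at compile time avoids that dependency. `match_who/2` continues past the end of the hunk.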
--- a/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl
@@ -22,11 +22,11 @@
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("common_test/include/ct.hrl").
--define(SOURCE1, {deny, all, all, ["#"]}).
+-define(SOURCE1, {deny, all}).
 -define(SOURCE2, {allow, {ipaddr, "127.0.0.1"}, all, [{eq, "#"}, {eq, "+"}]}).
 -define(SOURCE3, {allow, {ipaddrs, ["127.0.0.1", "192.168.1.0/24"]}, subscribe, ["%c"]}).
--define(SOURCE4, {allow, {'and', [{clientid, "^test?"}, {username, "^test?"}]}, publish, ["topic/test"]}).
--define(SOURCE5, {allow, {'or', [{username, "^test"}, {clientid, "test?"}]}, publish, ["%u", "%c"]}).
+-define(SOURCE4, {allow, {'and', [{client, "test"}, {user, "test"}]}, publish, ["topic/test"]}).
+-define(SOURCE5, {allow, {'or', [{username, {re, "^test"}}, {clientid, {re, "test?"}}]}, publish, ["%u", "%c"]}).
 all() -> emqx_ct:all(?MODULE).
@@ -52,7 +52,7 @@ t_compile(_) ->
 }, emqx_authz_rule:compile(?SOURCE3)),
 ?assertMatch({allow,
- {'and', [{clientid, {re_pattern, _, _, _, _}}, {username, {re_pattern, _, _, _, _}}]},
+ {'and', [{clientid, {eq, <<"test">>}}, {username, {eq, <<"test">>}}]},
 publish, [[<<"topic">>, <<"test">>]] }, emqx_authz_rule:compile(?SOURCE4)),
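Review bot: With SOURCE4 switched to the `client`/`user` aliases with exact-match strings and SOURCE5 to the long names with `{re, _}`, no fixture in the first hunk combines an alias with a regex, and none exercises a bound username or clientid that does not equal an `{eq, _}` value, which is the path where the new `match_who/2` clauses can fall through. Consider adding a fixture such as `-define(SOURCE6, {allow, {user, {re, "^test"}}, publish, ["%u"]}).` and a match case asserting `false` for a client whose username is, for example, `<<"other">>` against SOURCE4. The `t_compile` assertion in the second hunk pins `{eq, <<"test">>}`, which confirms the `bin/1` conversion but not the negative match.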