Add a policy entry

Prerequisites

You are empowered to change the specific policy.

Goal

Suppose you have decided to empower another user, with the ID "Bosch-ID-for-support-user", to read ALL things related to the policy "your.namespace:policy-01".

Request

Use the API docs of Bosch IoT Things

  • Authorize with a fresh Suite OAuth token.
    See Device provisioning > Authorize.

  • Policies resource:

    • PUT /policies/{policyId}/entries/{label}

    • Set the policyId to your.namespace:policy-01

    • Set the label to "USER-read"

    • Set the body part

      {
        "subjects": {
          "bosch:<Bosch-ID-of-the-user>": {
            "type": "bosch-id"
          }
        },
        "resources": {
          "thing:/": {
            "grant": [
              "READ"
            ],
            "revoke": []
          }
        }
      }

    • Execute

Response

Upon success you get status 201: "The Policy entry was successfully created."

Test 1

GET /policies/{policyId} and check whether the new entry is there as you need it.

{
  "policyId": "your.namespace:policy-01",
  "entries": {
    "DEFAULT": {
      "subjects": {
        "iot-suite:your-oauth2-client-scope": {
          "type": "suite-auth"
        }
      },
      "resources": {
        "policy:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        },
        "thing:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        },
        "message:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    },
    "DEVICE": {
      "subjects": {
        "integration:your-things-solution-id:hub": {
          "type": "iot-things-integration"
        }
      },
      "resources": {
        "thing:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        },
        "message:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    },
    "USER-read": {
      "subjects": {
        "bosch:S-1-xxx": {
          "type": "bosch-id"
        }
      },
      "resources": {
        "thing:/": {
          "grant": [
            "READ"
          ],
          "revoke": []
        }
      }
    }
  }
}
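The two steps above (build the PUT body for the new entry, then read the policy back and confirm the entry grants exactly what you intended) can be scripted so the least-privilege check is not done by eye. The following is an added example, not code from the Bosch IoT Things documentation or from the Things service itself: it builds the request body shown under "Set the body part", derives the request path, and then audits a policy document of the shape returned by GET /policies/{policyId}. The sample policy is a trimmed copy of the Test 1 response above (the DEVICE entry is omitted for brevity); the function names and the check rules are this example's own.

```python
import copy
import json

# Constructed sample: trimmed from the GET /policies/{policyId} response above
SAMPLE_POLICY = {
    "policyId": "your.namespace:policy-01",
    "entries": {
        "DEFAULT": {
            "subjects": {"iot-suite:your-oauth2-client-scope": {"type": "suite-auth"}},
            "resources": {
                "policy:/": {"grant": ["READ", "WRITE"], "revoke": []},
                "thing:/": {"grant": ["READ", "WRITE"], "revoke": []},
                "message:/": {"grant": ["READ", "WRITE"], "revoke": []},
            },
        },
        "USER-read": {
            "subjects": {"bosch:S-1-xxx": {"type": "bosch-id"}},
            "resources": {"thing:/": {"grant": ["READ"], "revoke": []}},
        },
    },
}


def read_only_entry(bosch_id: str) -> dict:
    """Body for PUT /policies/{policyId}/entries/{label}: READ on all things, nothing else."""
    return {
        "subjects": {f"bosch:{bosch_id}": {"type": "bosch-id"}},
        "resources": {"thing:/": {"grant": ["READ"], "revoke": []}},
    }


def entry_request(policy_id: str, label: str, bosch_id: str) -> tuple:
    """(method, path, JSON body) for the request described on this page."""
    path = f"/policies/{policy_id}/entries/{label}"
    return "PUT", path, json.dumps(read_only_entry(bosch_id))


def check_entry(policy: dict, label: str, subject_key: str) -> list:
    """Audit one entry of a fetched policy.

    Returns an empty list when the entry exists, names only subject_key,
    grants exactly READ on thing:/ and grants nothing on any other resource.
    Otherwise returns one finding per deviation (hypothetical rule set).
    """
    findings = []
    entry = policy.get("entries", {}).get(label)
    if entry is None:
        return [f"entry '{label}' not found"]

    subjects = entry.get("subjects", {})
    if subject_key not in subjects:
        findings.append(f"subject {subject_key} missing from entry '{label}'")
    extra = sorted(set(subjects) - {subject_key})
    if extra:
        findings.append(f"unexpected subjects in '{label}': {extra}")

    resources = entry.get("resources", {})
    thing = resources.get("thing:/")
    if thing is None:
        findings.append(f"no thing:/ resource in entry '{label}'")
    elif set(thing.get("grant", [])) != {"READ"}:
        findings.append(f"thing:/ grants {thing.get('grant')} instead of ['READ']")
    for name, res in resources.items():
        if name != "thing:/" and res.get("grant"):
            findings.append(f"unexpected grant on {name}: {res['grant']}")
    return findings


if __name__ == "__main__":
    method, path, body = entry_request("your.namespace:policy-01", "USER-read", "S-1-xxx")
    print(method, path)
    print(body)
    print("USER-read findings:", check_entry(SAMPLE_POLICY, "USER-read", "bosch:S-1-xxx"))
    # Simulate an entry that drifted to READ+WRITE and show the audit catches it
    drifted = copy.deepcopy(SAMPLE_POLICY)
    drifted["entries"]["USER-read"]["resources"]["thing:/"]["grant"].append("WRITE")
    print("drifted findings:", check_entry(drifted, "USER-read", "bosch:S-1-xxx"))
```

Run it after the GET in Test 1 against the real response instead of SAMPLE_POLICY; an empty findings list for the "USER-read" label means the support user received read access and nothing more, while any finding (a WRITE grant, a policy:/ or message:/ grant, an extra subject) is a sign the entry should be corrected before handing the Bosch ID to the user.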

Test 2

Let the user with the specific Bosch ID test if he can see the thing: