Create a new policy entry to allow Bosch IoT Insights read access to the demo device
Prerequisites
You are empowered to change the specific policy.
You have already booked an Bosch IoT Insights instance
You have already established the connection - Things to Insights connection
Goal
Given you need to provide your Bosch IoT Insights subscription permissions to READ the compass values of a Demo device.
The full path for a Demo device's compass feature would be thing:/features/compass.
Add the policy entry via the Developer Console
Open the Things view
Select the device whose policy needs a change
Open the Policy view - you see the defaults created at step provisioning
Click + to add an additional entry
Set the label (any string, we call it INSIGHTS as a hint to better understand the policy
Add the subject, which is composed following the pattern integration:ID:insights.
Select integration from the drop-down
Add the rest ID:insights from the Auth part in your connection (from the step before)
Type, is any descriptive string, e.g. it-insights-integration-
Click + to add an the resources, i.e. what will the subject have access to.
The Resource path is thing:/features/compass.
The permission Read.
Save the settings.
Check the result in the JSON view
Your complete policy would look similar to the following example:
{
"policyId"
:
"<your.namespace>:<your-demo-device-name>"
,
"entries"
: {
"DEFAULT"
: {
....
},
"DEVICE"
: {
....
},
"Insights"
: {
"subjects"
: {
"integration:<your-service-instannce-id>_things:insights"
: {
"type"
:
"iot-insights-integration"
}
},
"resources"
: {
"thing:/features/compass: {
"grant"
: [
"READ"
],
"revoke"
: []
}
}
}
}
Further reading
The basic concept and all types of subject and resources are documented at Bosch IoT Things > Concepts > Policies.