By default, a developer would open the Bosch IoT Suite Console from the list of service subscriptions and will thus act in the context of one specific subscription.
However, in this example we want to share one thing with another application -and act as another application to check our work.
You have 2 subscriptions: e.g., one of type Asset Communication package and one of type Device Management package.
For the Device Management package you will need an OAuth2 client. See Create a Suite Auth client in case you have not created one yet.
We assume the subscription of the Device Management package needs to read a thing, which belongs to Asset Communication package instance.
After updating the policy, you will change the context to verify, if the Device Management package instance can now see it.
By authenticating with the OAuth2 token, you will act on behalf of the Device Management package.
Use the developer console managing your things
If you start in the Suite portal, the navigation items would be:
Subscriptions list https://accounts.bosch-iot-suite.com/subscriptions/ > your instance > click Go to Developer Console.
In case you have provisioned already devices, you should be able to see the list of Things.
Add a new policy entry to allow DMP to read the things path
Create a new policy entry
Label can be for example DMP.
The subject is of type "iot-suite" and holds a service instance ID of the Device Management package instance. Type is only descriptive so we set dmp.
The correct notation field 5 is /service-instance.<the-ID>.iot-things
Grant read and write permission for the resource path "thing:/".
Now, the other subscription should be allowed to read and write the thing.
Change the context of the acting subject
Open a new browser tab,
Navigate to your list of Suite-Auth clients at https://accounts.bosch-iot-suite.com/oauth2-clients/.
Click use for the Device Management package token.
Copy the token to your clipboard and navigate back to your Developer Console tab.
Open your user details and click Act as application.
A pop-up will appear where you can enter the token, which will temporarily overwrite your authentication. Thus, you will be working in the context of the Device Management package.
Upon success, the console will read out some of the information included in that token, in order to give you the possibility to check again it is the one you wanted to be applied.
Check your work
Check the visibility for the application
Acting as the application you should be able see the thing. However, as the Things list in the developer console will show by default only the things of the current subscription - which is Device Management package - you will not see it.
However, you can add a filter for the namespace used for the thing in the subscription of origin, and make it visible.
Go back to your subscription
Click the robot and stop acting as the application.
Now you are back to your common environment.