Bosch IoT Device Management - will be discontinued by mid 2024

Add a policy entry to the policy of a solution

Prerequisites

You are empowered to change the specific policy.

Goal

You have decided to empower the members of your organization team who hold the role Developer to read the metrics of the managed connections.

Request

Use the API docs of Bosch IoT Things

  • Authorize with a fresh Suite OAuth token.
    See Create a Suite Auth client for an organization role

  • Policies resource:

    • PUT /policies/{policyId}/entries/{label}

    • Click Try it out

    • Set the policyId to the policy for your solution "com.bosch.iot.things.solution:your-service-instance-id"

    • Set the label to "Developer-read-metrics"

    • Set the Request body like in the following snippet,
      but replace the <your-service-instance-id> and <your-connection-ID> with the real IDs.

      {
        "subjects": {
          "iot-suite-int:/organization.<your-service-instance-id>.Developer": {
            "type": "team-developer"
          }
        },
        "resources": {
          "solution:/connections/<your-connection-ID>/metrics": {
            "grant": ["READ"],
            "revoke": []
          }
        }
      }
    • Execute.

Response

Upon success you get the status 201 "The Policy entry was successfully created."

To retrieve the complete policy of the solution, request GET /policies/{policyId}.

The result should show the new entry.

{
  "policyId": "com.bosch.iot.things.solution:<your-service-instance-Id>",
  "entries": {
    "DEFAULT": "same as before",
    "DEFAULT_SOLUTION_MANAGEMENT": "same as before",
    "Developer-read-metrics": {
      "subjects": {
        "iot-suite-int:/organization.<your-service-instance-id>.Developer": {
          "type": "team-developer"
        }
      },
      "resources": {
        "solution:/connections/<your-connection-ID>/metrics": {
          "grant": ["READ"],
          "revoke": []
        }
      }
    }
  }
}

All team developers who authenticate with a Suite Auth token that holds the role are now allowed to request the metrics, as described in our Solution HTTP API docs.

If the Developers are not interested in all metrics, you can instead empower them to read only a deeper level of the path, e.g.
solution:/connections/<your-TEST-connection-ID>/metrics/connectionMetrics/consumed
or
solution:/connections/<your-TEST-connection-ID>/metrics/connectionMetrics/enforced/success
as long as the path you describe follows the schema of a connection.
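
An added example, not part of the Bosch documentation: a Python sketch that builds the request body shown above for real IDs, optionally narrowed to a deeper metrics path, and refuses to produce it if a placeholder was left in, a path segment is empty, or the entry grants more than READ below one connection's metrics. The function names and sample IDs are assumptions made for this example.

```python
import json
import re

# Assumption: subject and resource shapes are those of the snippet on this page.
BAD_ID = re.compile(r"[<>/\s]")  # marks an unreplaced "<...>" placeholder
SUBJECT = re.compile(r"iot-suite-int:/organization\.[^<>/\s]+\.Developer")

def lint_entry(entry):
    """Return findings for a policy entry; an empty list means it grants only
    READ, only below one connection's metrics, to the Developer role."""
    findings = []
    for subject in entry.get("subjects", {}):
        if not SUBJECT.fullmatch(subject):
            findings.append(f"unexpected subject: {subject!r}")
    for path, perms in entry.get("resources", {}).items():
        segments = path.partition(":")[2].split("/")[1:]
        if any(s == "" or BAD_ID.search(s) for s in segments):
            findings.append(f"empty or placeholder segment in {path!r}")
        if segments[:1] != ["connections"] or segments[2:3] != ["metrics"]:
            findings.append(f"{path!r} is wider than one connection's metrics")
        extra = sorted(set(perms.get("grant", [])) - {"READ"})
        if extra:
            findings.append(f"{path!r} grants more than READ: {extra}")
    return findings

def build_entry(service_instance_id, connection_id, metrics_subpath=""):
    """Build the body for PUT /policies/{policyId}/entries/{label}."""
    resource = f"solution:/connections/{connection_id}/metrics"
    if metrics_subpath:
        resource += "/" + metrics_subpath.strip("/")
    subject = f"iot-suite-int:/organization.{service_instance_id}.Developer"
    entry = {
        "subjects": {subject: {"type": "team-developer"}},
        "resources": {resource: {"grant": ["READ"], "revoke": []}},
    }
    findings = lint_entry(entry)
    if findings:
        raise ValueError("; ".join(findings))
    return entry

if __name__ == "__main__":
    # Constructed sample IDs, not real ones.
    print(json.dumps(build_entry("my-instance", "conn-1",
                                 "connectionMetrics/consumed"), indent=2))
    # Constructed bad body: connection ID left out, extra permission granted.
    bad = {"subjects": {"iot-suite-int:/organization.my-instance.Developer": {}},
           "resources": {"solution:/connections//metrics": {"grant": ["READ", "WRITE"]}}}
    print(lint_entry(bad))
```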