Bosch IoT Device Management - will be discontinued by mid 2024

Adjust policy to access namespaces

Problem

Due to the migration from Bosch ID (SingleKey ID) to Bosch AD (only for Bosch employees), you may receive an error message when opening the Namespaces view in the Bosch IoT Suite UI.

If you see such an error message, go to the Organization view and check the role assigned to your user.

If the role is Purchaser, some changes are required to your Solution policy.

Solution

  1. Create a new OAuth2 client with Owner as Organization Scope and the appropriate Service scopes.

  2. Copy the Things solution ID from your Subscription details.

  3. Get the access token from your new OAuth2 client via one of the ways described at Use access token.

  4. Open the Bosch IoT Things HTTP API.

  5. Navigate to the Solution tab and then to GET /solutions/{solutionId}.

    1. Authorize yourself with the token you just created.

    2. Paste the Things solution ID in the input field of the GET /solutions/{solutionId} request.

    3. Click Execute.

    4. Copy the policyId value from the response to use in the next steps.

  6. Navigate to the Policies tab.

  7. Retrieve your existing policy by submitting a GET /policies/{policyId} request.

    1. Paste the policyId from the previous response in the input field.

    2. Click Execute.

    3. The response should look like:

      {
        "policyId": "com.bosch.iot.things.solution:{{Things-solution-ID}}",
        "imports": {},
        "entries": {
          "DEFAULT": {
            "subjects": {
              "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Developer": {
                "type": "generated"
              },
              "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Manager": {
                "type": "generated"
              },
              "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Owner": {
                "type": "generated"
              }
            },
            "resources": {
              "policy:/": {
                "grant": [
                  "READ",
                  "WRITE"
                ],
                "revoke": []
              },
              "solution:/": {
                "grant": [
                  "READ",
                  "WRITE"
                ],
                "revoke": []
              }
            },
            "importable": "implicit"
          }
        }
      }
    4. Copy the body of the response.

  8. Then change the policy by submitting a PUT /policies/{policyId} request.

    1. Paste the policyId in the input field.

    2. In the Request body below, paste your existing policy from the previous GET response.

    3. Modify only the subjects part to include a Purchaser subject as well.

    4. Just copy one of the other subjects and change its name to Purchaser. It should look like:

      "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Purchaser": {
        "type": "generated"
      }
    5. And then paste it at the end of your subjects list:

      …………
      "subjects": {
        "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Developer": {
          "type": "generated"
        },
        "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Manager": {
          "type": "generated"
        },
        "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Owner": {
          "type": "generated"
        },
        "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx.Purchaser": {
          "type": "generated"
        }
      },
      …………
    6. Click Execute.

Upon success you will receive a 204 response code.

You should now be able to perform CRUD operations on your namespaces.
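The subject edit from steps 7 and 8, as an added example that is not part of the original page or Bosch's own code: it adds the Purchaser subject to a copy of the policy and lists every changed path, so you can confirm before the PUT that nothing but the subjects list differs (the new subject receives the entry's existing READ/WRITE grants on policy:/ and solution:/). The names add_purchaser, changed_paths, ORG and SAMPLE_POLICY are assumptions; the sample is constructed from the response shown above.

```python
import copy
import json

# Constructed sample: the policy shape from the GET response above, with the
# page's placeholder organization ID and solution ID left as placeholders.
ORG = "iot-suite:/organization.xxxxxx-xxxx-xxxx-xxxx-xxxxx"
SAMPLE_POLICY = {
    "policyId": "com.bosch.iot.things.solution:{{Things-solution-ID}}",
    "imports": {},
    "entries": {"DEFAULT": {
        "subjects": {f"{ORG}.{r}": {"type": "generated"} for r in ("Developer", "Manager", "Owner")},
        "resources": {
            "policy:/": {"grant": ["READ", "WRITE"], "revoke": []},
            "solution:/": {"grant": ["READ", "WRITE"], "revoke": []},
        },
        "importable": "implicit",
    }},
}


def add_purchaser(policy, entry="DEFAULT"):
    """Return a copy of the policy with a Purchaser subject added to `entry`."""
    updated = copy.deepcopy(policy)
    subjects = updated["entries"][entry]["subjects"]
    # Derive the organization prefix from the existing Owner subject instead of retyping it.
    owners = [s for s in subjects if s.endswith(".Owner")]
    if len(owners) != 1:
        raise ValueError("expected exactly one Owner subject to copy from")
    purchaser = owners[0][: -len("Owner")] + "Purchaser"
    subjects.setdefault(purchaser, copy.deepcopy(subjects[owners[0]]))  # no-op if present
    return updated


def changed_paths(old, new, path=()):
    """List the key path of every value that differs between two JSON documents."""
    if isinstance(old, dict) and isinstance(new, dict):
        out = []
        for key in sorted(set(old) | set(new)):
            if key not in old or key not in new:
                out.append(path + (key,))
            else:
                out += changed_paths(old[key], new[key], path + (key,))
        return out
    return [] if old == new else [path]


if __name__ == "__main__":
    body = add_purchaser(SAMPLE_POLICY)
    print(changed_paths(SAMPLE_POLICY, body))  # review before sending the PUT
    print(json.dumps(body, indent=2))          # request body for PUT /policies/{policyId}
```

Run it against the body copied in step 7; any changed path outside the subjects of the entry you edited means the request body has drifted from the existing policy.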