Create a policy entry for the Insights connection
Prerequisites
You are empowered to change the specific policy.
You have already booked a Bosch IoT Insights instance
You have already established the connection - Connection to Bosch IoT Insights
Goal
You need to give your Bosch IoT Insights subscription permission to READ the temperature values of an Octopus device.
The application itself should only have permission to READ "sensorValue" of feature "ambient_temperature" of this device.
The full path for an Octopus device would be "thing:/features/ambient_temperature/properties/status/sensorValue".
Add the policy entry via the Developer Console
Alternative: add the policy entry via HTTP Request
Do not use the DEFAULT entry as a sandbox. Always create your own small entries that you understand and whose impact you can handle.
Deleting a small policy entry is a lot easier than deleting a complete policy.
Use the API docs of Bosch IoT Things
Authorize with a fresh Suite OAuth token.
See Create a Suite Auth client
Policies resource:
Click Try it out
Set the policyId to your.namespace:your-octopus-name
Set the label to "insights-read-thing-temp"
Set the Request body
{
  "subjects": {
    "integration:<your-service-instance-ID>:insights": {
      "type": "connection-target"
    }
  },
  "resources": {
    "thing:/features/ambient_temperature/properties": {
      "grant": ["READ"],
      "revoke": []
    }
  }
}
Copy the correct notation for the authorized subject from the Insights connection > target.
However, if you don't know the exact path, just add "thing:/". This grants your connection READ permission on all the features.
Click Execute.
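A grant on a resource path also applies to everything below that path, so the path you choose decides how much the Insights connection can read. The following check is an added example, not part of the Bosch IoT Things API or documentation: it compares a policy entry against the intended path from the Goal section. The function names and the sample leaf paths (including "sensorUnits", "humidity" and "attributes/location") are constructed for illustration, and entries with a non-empty "revoke" list are rejected rather than modelled.

```python
import json

INTENDED = "thing:/features/ambient_temperature/properties/status/sensorValue"

# Constructed sample of leaf paths on an Octopus-like thing (illustrative only).
SAMPLE_LEAVES = [
    "thing:/attributes/location",
    "thing:/features/ambient_temperature/properties/status/sensorValue",
    "thing:/features/ambient_temperature/properties/status/sensorUnits",
    "thing:/features/humidity/properties/status/sensorValue",
]

def covers(resource: str, target: str) -> bool:
    """A grant on `resource` applies to that node and to every node below it."""
    base, t = resource.rstrip("/"), target.rstrip("/")
    return t == base or t.startswith(base + "/")  # match whole path segments only

def readable_paths(entry: dict) -> list[str]:
    """Resource paths of the entry that grant READ (revokes are not modelled)."""
    paths = []
    for path, perms in entry["resources"].items():
        if perms.get("revoke"):
            raise ValueError(f"revoke on {path} is not modelled by this check")
        if "READ" in perms.get("grant", []):
            paths.append(path)
    return paths

def audit(entry: dict, intended: str = INTENDED, leaves=SAMPLE_LEAVES) -> dict:
    """Report whether the intended path is readable and what else is exposed."""
    grants = readable_paths(entry)
    exposed = [leaf for leaf in leaves if any(covers(g, leaf) for g in grants)]
    return {
        "intended_readable": any(covers(g, intended) for g in grants),
        "exposed": exposed,
        "excess": [leaf for leaf in exposed if leaf != intended],
    }

def make_entry(resource: str) -> dict:
    """Build a request body in the shape shown above, with one READ grant."""
    subject = "integration:<your-service-instance-ID>:insights"  # placeholder
    return {"subjects": {subject: {"type": "connection-target"}},
            "resources": {resource: {"grant": ["READ"], "revoke": []}}}

if __name__ == "__main__":
    for res in ("thing:/", "thing:/features/ambient_temperature/properties", INTENDED):
        print(res, "->", json.dumps(audit(make_entry(res))["excess"]))
```

An empty "excess" list means the entry exposes only the intended value from the sample; anything listed there is readable by the connection in addition to it.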
Check
Your complete policy would look similar to the following example:
{
  "policyId": "your.namespace:your-octopus-name",
  "entries": {
    // "DEFAULT": {},
    // "DEVICE": {},
    // "DEVICE-MANAGEMENT": {},
    "insights-read-thing-temp": {
      ...
    },
    "solution-owner": {
      ...
    }
  }
}
Further reading
The basic concept and all types of subject and resources are documented at Policies.