Bosch IoT Device Management - will be discontinued by mid 2024

Create a policy entry for the Insights connection

Prerequisites

  • You have permission to change the specific policy.

  • You have already booked a Bosch IoT Insights instance.

  • You have already established the connection (see Connection to Bosch IoT Insights).

Goal

You need to grant your Bosch IoT Insights subscription permission to READ the temperature values of an Octopus device.

The application itself should only have permission to READ "sensorValue" of feature "ambient_temperature" of this device.

The full path for an Octopus device would be "thing:/features/ambient_temperature/properties/status/sensorValue".

Add the policy entry via the Developer Console

[Image: octo-policy-insights.png]

Alternative: add the policy entry via HTTP Request

Do not use the DEFAULT entry as a sandbox. Always create your own small entries that you understand and whose impact you can deal with.
Deleting a small policy entry is a lot easier than deleting a complete policy.

Use the API docs of Bosch IoT Things

  • Authorize with a fresh Suite OAuth token.
    See Create a Suite Auth client

  • Policies resource:

    1. PUT /policies/{policyId}/entries/{label}

    2. Click Try it out

    3. Set the policyId to your.namespace:your-octopus-name

    4. Set the label to "insights-read-thing-temp"

    5. Set the Request body

      {
        "subjects": {
          "integration:<your-service-instance-ID>:insights": {
            "type": "connection-target"
          }
        },
        "resources": {
          "thing:/features/ambient_temperature/properties": {
            "grant": [
              "READ"
            ],
            "revoke": []
          }
        }
      }

      Copy the correct notation for the authorized subject from the Insights connection > target.
      If you don't know the exact path, you can add "thing:/" instead. Note that this grants your connection READ permission on all the features, not only the temperature value.

  • Click Execute.
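
To check a request body against the goal before executing it, the following added example (not part of the original documentation) classifies each granted resource path relative to the sensorValue path and reports grants that are wider than intended. The function names are hypothetical, the entries are constructed samples in the shape of step 5, and "revoke" lists are not evaluated.

```python
# Narrowest resource path, taken from the Goal section above.
TARGET = "thing:/features/ambient_temperature/properties/status/sensorValue"

def split_resource(resource):
    """'thing:/a/b' -> ('thing', ['a', 'b']); 'thing:/' -> ('thing', [])."""
    rtype, _, path = resource.partition(":")
    return rtype, [seg for seg in path.split("/") if seg]

def scope(resource, target=TARGET):
    """Classify a resource key as exact, broader, narrower or unrelated to target."""
    rtype, segs = split_resource(resource)
    ttype, tsegs = split_resource(target)
    if rtype != ttype:
        return "unrelated"
    if segs == tsegs:
        return "exact"
    if segs == tsegs[:len(segs)]:
        return "broader"    # ancestor path: the grant also covers the target's siblings
    if tsegs == segs[:len(tsegs)]:
        return "narrower"
    return "unrelated"

def audit_entry(entry, target=TARGET):
    """Return (resource, problem) findings for an entry meant to be READ-only on target."""
    findings = []
    for resource, perms in entry.get("resources", {}).items():
        grants = perms.get("grant", [])
        extra = sorted(set(grants) - {"READ"})
        if extra:
            findings.append((resource, "grants " + ",".join(extra)))
        kind = scope(resource, target)
        if "READ" in grants and kind in ("broader", "unrelated"):
            findings.append((resource, "READ scope is " + kind))
    return findings

def make_entry(resource, grant=("READ",)):
    """Build a constructed sample entry in the shape of the request body in step 5."""
    subject = "integration:<your-service-instance-ID>:insights"  # placeholder from the page
    return {
        "subjects": {subject: {"type": "connection-target"}},
        "resources": {resource: {"grant": list(grant), "revoke": []}},
    }

if __name__ == "__main__":
    for res in ("thing:/", "thing:/features/ambient_temperature/properties", TARGET):
        print(res, "->", audit_entry(make_entry(res)) or "ok")
```

Both "thing:/" and the ".../properties" path used in step 5 are reported as broader than the sensorValue path; only the full path from the Goal section passes without findings.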

Check

Your complete policy would look similar to the following example:

{
  "policyId": "your.namespace:your-octopus-name",
  "entries": {
    // "DEFAULT": {},
    // "DEVICE": {},
    // "DEVICE-MANAGEMENT": {},
    "insights-read-thing-temp": {
      ...
    },
    "solution-owner": {
      ...
    }
  }
}

Further reading

The basic concept and all types of subjects and resources are documented at Policies.