Bosch IoT Device Management

Expand the policy of the demo device

Prerequisites

  • You are empowered to change the specific policy.

  • You have already booked a Bosch IoT Insights instance

  • You have already established the connection from the digital twin layer to Bosch IoT Insights

Goal

Given you need to provide your Bosch IoT Insights subscription permissions to READ the compass values of a Demo device.

The full path for a Demo device's compass feature would be thing:/features.

Add the policy entry via the UI

  1. Open the Devices view.

  2. Select the device whose policy needs a change.

  3. Open the Policy view - you see the defaults created at step provisioning.

  4. Click + to add an additional entry.

  5. Set the label (any string, we call it INSIGHTS as a hint to better understand the policy.

  6. Add the subject, which is composed following the pattern integration:ID:insights.
    Select integration from the drop-down Issuer (prefix).

  7. In the field ID, enter the rest ID:insights from the Auth part in your connection (from the step before).

  8. In the field Type, enter any descriptive string, e.g. it-insights-integration.

  9. Click + to add a resource, i.e. what will the subject have access to.

  10. Enter the Resource path thing:/features.

  11. Grant the permission Read.

  12. Save the settings.

images/confluence/download/attachments/2232980534/demo-policy-for-insights.png

Check the result in the JSON view

Your complete policy would look similar to the following example:

{
"policyId": "<your.namespace>:<your-demo-device-name>",
"entries": {
"DEFAULT": {
...
},
"DEVICE": {
...
},
"DEVICE-MANAGEMENT": {
...
},
"Insights": {
"subjects": {
"integration:<your-service-instannce-id>_things:insights": {
"type": "iot-insights-integration"
}
},
"resources": {
"thing:/features: {
"grant": [
"READ"
],
"revoke": []
}
}
  }
}


Further reading

The basic concept and all types of subject and resources are documented at Digital twins > Policy of a thing.