Expand the policy of the demo device
Prerequisites
You are empowered to change the specific policy.
You have already booked a Bosch IoT Insights instance
You have already established the connection from the digital twin layer to Bosch IoT Insights
Goal
Given you need to provide your Bosch IoT Insights subscription permissions to READ the compass values of a Demo device.
The full path for a Demo device's compass feature would be thing:/features.
Add the policy entry via the UI
Open the Devices view.
Select the device whose policy needs a change.
Open the Policy view - you see the defaults created at step provisioning.
Click + to add an additional entry.
Set the label (any string, we call it INSIGHTS as a hint to better understand the policy.
Add the subject, which is composed following the pattern integration:ID:insights.
Select integration from the drop-down Issuer (prefix).In the field ID, enter the rest ID:insights from the Auth part in your connection (from the step before).
In the field Type, enter any descriptive string, e.g. it-insights-integration.
Click + to add a resource, i.e. what will the subject have access to.
Enter the Resource path thing:/features.
Grant the permission Read.
Save the settings.
Check the result in the JSON view
Your complete policy would look similar to the following example:
{ "policyId": "<your.namespace>:<your-demo-device-name>", "entries": { "DEFAULT": { ... }, "DEVICE": { ... }, "DEVICE-MANAGEMENT": { ... }, "Insights": { "subjects": { "integration:<your-service-instannce-id>_things:insights": { "type": "iot-insights-integration" } }, "resources": { "thing:/features: { "grant": [ "READ" ], "revoke": [] } } } }Further reading
The basic concept and all types of subject and resources are documented at Digital twins > Policy of a thing.