Bosch IoT Device Management

Manage a policy via Hub HTTP API

In general, the Things service regards policies as something that does not change very often.

Additionally, by default the Hub connection is not allowed to change policies. See Initial policy.

Goal

In this special case, let us assume that your devices would really need to manage their own policy.

Procedure

Get permission to read and write the policy

First of all, you would need to add write permission on the policy:/ resource in the DEVICE policy entry.

Example via Developer Console: see Manage a policy via Bosch IoT Suite Console.


Example via the Things HTTP API: similar to Add a policy entry.

Update the DEVICE entry so that it is empowered with read and write permission.

Now that you have given write permission to the DEVICE, you can simulate the device driver changing the policy.

Navigate to the API docs

Bosch IoT Hub > HTTP Adapter > telemetry.

Authorize

The pop-up offers basic authentication.

In this example, you will mimic the hello-world-device.
Therefore, please authenticate with:

  • the username auth-ID@Hub-tenant-ID and

  • the password

as you have set them at the start, in the provisioning.

You can copy the Username from the Bosch IoT Suite console.


Navigate to Things > hello world > Device > Credentials. From there you can copy the Username to the clipboard and use it in the Authorization pop-up at the HTTP API docs.



Close the pop-up.

Send the policy change as telemetry data


The topic for a policy change is composed slightly differently.

Instead of

"<namespace>/<device-name>/things/twin/commands/modify"

the pattern is

"<namespace>/<device-name>/policies/commands/modify"

By default, we use the device-name also for the thing-name and for the policy-name.

https://www.eclipse.org/ditto/protocol-specification-policies-create-or-modify.html#create-or-modify-a-policy

{
  "topic": "xxx-add-your-namespace-xxx/hello-world-device-01/policies/commands/modify",
  "path": "/entries/new-user-section",
  "value": {
    "subjects": {
      "bosch:<your-bosch-id>": {
        "type": "bosch-id"
      }
    },
    "resources": {
      "thing:/": {
        "grant": [
          "READ",
          "WRITE"
        ],
        "revoke": []
      }
    }
  }
}
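The following Python sketch is an added example, not code from the Bosch documentation. It builds the policy-modify message described above, checks that `subjects` and `resources` sit at the same level, lists any `policy:/` resources on which an entry grants WRITE, and prepares the authenticated telemetry request without sending it. The function names, the adapter URL and the `application/json` content type are assumptions; the sample values are constructed.

```python
import base64
import json
import urllib.request

PERMISSIONS = {"READ", "WRITE", "EXECUTE"}

def check_entry(entry):
    """Raise ValueError unless the entry has 'subjects' and 'resources' as siblings."""
    if not {"subjects", "resources"} <= set(entry):
        raise ValueError("entry needs 'subjects' and 'resources' at the same level")
    for subject_id, subject in entry["subjects"].items():
        if "type" not in subject:
            raise ValueError(f"subject {subject_id!r} has no 'type' (misplaced key?)")
    for resource, perms in entry["resources"].items():
        used = set(perms.get("grant", [])) | set(perms.get("revoke", []))
        if used - PERMISSIONS:
            raise ValueError(f"{resource}: unknown permission {sorted(used - PERMISSIONS)}")

def policy_write_grants(entry):
    """Resources under policy:/ on which this entry grants WRITE (worth a review)."""
    return [r for r, p in entry["resources"].items()
            if r.startswith("policy:/") and "WRITE" in p.get("grant", [])]

def modify_entry_message(namespace, policy_name, label, entry):
    """Ditto Protocol envelope that creates or modifies one policy entry."""
    check_entry(entry)
    return {"topic": f"{namespace}/{policy_name}/policies/commands/modify",
            "path": f"/entries/{label}",
            "value": entry}

def telemetry_request(url, auth_id, tenant_id, password, message):
    """Prepare (not send) the POST with the device's basic-auth credentials."""
    token = base64.b64encode(f"{auth_id}@{tenant_id}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(message).encode(), method="POST",
        headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"})

if __name__ == "__main__":
    # Constructed sample values; replace with your own namespace, IDs and adapter URL.
    entry = {"subjects": {"bosch:<your-bosch-id>": {"type": "bosch-id"}},
             "resources": {"thing:/": {"grant": ["READ", "WRITE"], "revoke": []}}}
    msg = modify_entry_message("my.namespace", "hello-world-device-01",
                               "new-user-section", entry)
    req = telemetry_request("https://hub-http-adapter.example/telemetry",  # placeholder URL
                            "auth-id", "tenant-id", "secret", msg)
    print(req.full_url, json.dumps(msg, indent=2), policy_write_grants(entry))
```

Running `policy_write_grants` over every entry of a policy shows which subjects, such as the DEVICE entry changed earlier in this procedure, are able to rewrite the policy themselves.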

Result

The policy changes are forwarded via managed connection to Bosch IoT Things.

Check your work

The easiest way to see whether setting a new policy entry succeeded is to open the Policy section in Bosch IoT Suite Console.