Manage a policy via Hub HTTP API
In general, the digital twin layer regards policies as something that does not change very often.
Additionally, by default the Hub connection is not allowed to change it. See Initial policy.
Goal
In this special case, let us assume that your devices would really need to manage their own policy.
Procedure
Get permission to read and write the policy
First of all, you would need to add write permission on the policy:/ resource in the DEVICE policy entry.
Example via Developer Console Manage a policy via Bosch IoT Suite UI
Example Things HTTP API similar to Add a policy entry.
Update the DEVICE entry to empowered with read and write permission.
Now, that you gave write permission to the DEVICE, you can try to simulate that the device driver needs to change the policy.
Authorize
The pop-up offers basic authentication.
In this example, you will mimic the hello-world-device.
Therefore, please authenticate with:
the username auth-ID@Hub-tenant-ID and
the password
as you have set them at the start, in the provisioning.
You can copy the Username from the Bosch IoT Suite console.
Navigate Things > hello world > Device > Credentials, from there you can copy the Username to the clipboard and use it in the Authorization pop-up at the HTTP API docs.
Close the popup.
Send the policy change as telemetry data
This topic is composed slightly differently.
instead of
"<namespace>/<device-name>/things/twin/commands/modify"
the pattern is
"<namespace>/<device-name>/policies/commands/modify"
By default, we use the device-name also for the thing-name and for the policy-name.
{
"topic"
:
"xxx-add-your-namespace-xxx/hello-world-device-01/policies/commands/modify"
,
"path"
:
"/entries/new-user-section"
,
"value"
: {
"subjects"
: {
"bosch:<your-bosch-id>"
: {
"type"
:
"bosch-id"
},
"resources"
: {
"thing:/"
: {
"grant"
: [
"READ"
,
"WRITE"
],
"revoke"
: []
}
}
}
}
}
Result
The policy changes are forwarded via managed connection to the digital twin layer.
Check your work
The easiest way to see if setting a new policy entry succeeded, is to open the Policy section in Bosch IoT Suite UI.