Bosch IoT Device Management - will be discontinued by mid 2024

Solution policy

The solution policy defines the access rules for your digital twin instance. The solution policy ID is defined automatically by our service when you subscribe to the service, so you cannot set a different ID (as you could, for example, for a thing entity).


Find your solution policy ID on the dashboard’s Basic data tab.

The ID follows the pattern com.bosch.iot.things.solution:<your-service-instance-id>.

Someone who was granted WRITE permission at the solution root resource (i.e. solution:/) is allowed to manage the solution itself.


| Resource | Addressed data, description |
| --- | --- |
| solution:/ | The solution itself (top-level). Applies to the solution and all of its sub-resources. |
| solution:/namespaces | Applies to all namespaces of the solution. See also Namespace policy in case you need to restrict who is allowed to create things or thing policies in a specific namespace. |
| solution:/connections | Applies to all connections of the solution. |
| solution:/connections/<connectionId> | Applies to the specific connection with the given connectionId. |
| solution:/connections/<connectionId>/status | Applies to the status of the specific connection with the given connectionId. |
| solution:/connections/<connectionId>/metrics | Applies to all metrics of the specific connection with the given connectionId. |
| solution:/connections/<connectionId>/metrics/etc. | Applies to specific metrics of the specific connection with the given connectionId. |
| solution:/connections/<connectionId>/logs | Applies to all logs of the specific connection with the given connectionId. |
| solution:/connections/<connectionId>/logs/etc. | Applies to specific log entries of the specific connection with the given connectionId. |

Editing the solution policy is pretty similar to editing any other policy.

Any change can have far-reaching effects and can only be undone via a new request by someone who is authorized, so rule number one is: do not lock yourself out.

Further, it is not recommended to empower other users to write the policy, as they could also lock you out, either by mistake or on purpose.

Manage your solution programmatically

In some cases, it is useful to manage your solution programmatically.

By default, a solution's policy looks like the following:

{
  "policyId": "com.bosch.iot.things.solution:<your-service-instance-id>",
  "entries": {
    "DEFAULT": {
      "subjects": {
        "bosch:<bosch-id-of-the-one-who-triggered-the-subscription>": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Developer": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Manager": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Owner": {
          "type": "generated"
        },
        "iot-suite:/service-instance.<your-service-instance-id>.iot-things@iot-things": {
          "type": "generated"
        }
      },
      "resources": {
        "policy:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        },
        "solution:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    },
    "DEFAULT_SOLUTION_MANAGEMENT": {
      "subjects": {
        "iot-suite:/service-instance.<your-service-instance-id>.iot-things@developer-console": {
          "type": "generated suite auth client subject"
        }
      },
      "resources": {
        "solution:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    }
  }
}

The subjects "iot-suite:/organization.<org-guid>.Developer", "iot-suite:/organization.<org-guid>.Manager", and "iot-suite:/organization.<org-guid>.Owner" are added by default at subscription time for new subscriptions after June 24, 2021.
If your subscription is older, feel free to manually add those entries to your solution's policy. This will enable your team to manage all of the solution's sub-resources, such as namespaces, connections, and clients. For the full list, see apidocs > Bosch IoT Things > Solutions.
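
A pre-submission check for the "do not lock yourself out" rule, as an added example that is not part of the Bosch documentation or its API: it inspects a proposed solution policy document and reports when none of your own subjects keeps WRITE on policy:/ or solution:/, and when another subject gains WRITE on policy:/. The function names, subject IDs and sample policy are constructed, and the check assumes that a revoke on the same resource overrides a grant.

```python
ROOTS = ("policy:/", "solution:/")

def root_permissions(policy, subject):
    """Permissions `subject` holds on each root resource, grants minus revokes."""
    granted = {r: set() for r in ROOTS}
    revoked = {r: set() for r in ROOTS}
    for entry in policy.get("entries", {}).values():
        if subject not in entry.get("subjects", {}):
            continue
        for root in ROOTS:
            rule = entry.get("resources", {}).get(root, {})
            granted[root] |= set(rule.get("grant", []))
            # Assumption: a revoke on the same resource overrides any grant.
            revoked[root] |= set(rule.get("revoke", []))
    return {r: granted[r] - revoked[r] for r in ROOTS}

def review_policy(policy, my_subjects):
    """Return findings for a proposed policy; an empty list means no objection."""
    findings = []
    for root in ROOTS:
        if not any("WRITE" in root_permissions(policy, s)[root] for s in my_subjects):
            findings.append(f"LOCKOUT: none of your subjects keeps WRITE on {root}")
    subjects = {s for e in policy.get("entries", {}).values() for s in e.get("subjects", {})}
    for s in sorted(subjects - set(my_subjects)):
        if "WRITE" in root_permissions(policy, s)["policy:/"]:
            findings.append(f"REVIEW: {s} can rewrite the policy")
    return findings

def rule(*grant, revoke=()):
    """Build a resource rule in the grant/revoke shape of the policy document."""
    return {"grant": list(grant), "revoke": list(revoke)}

# Constructed sample values, not real IDs.
ME = "bosch:constructed-admin-id"
DEV = "iot-suite:/organization.constructed-org.Developer"

# Constructed proposal: the admin loses policy WRITE and a team role gains it.
PROPOSED = {"policyId": "com.bosch.iot.things.solution:constructed-instance", "entries": {
    "DEFAULT": {"subjects": {ME: {"type": "generated"}},
                "resources": {"policy:/": rule("READ"),
                              "solution:/": rule("READ", "WRITE")}},
    "TEAM": {"subjects": {DEV: {"type": "generated"}},
             "resources": {"policy:/": rule("READ", "WRITE"),
                           "solution:/": rule("READ")}}}}

if __name__ == "__main__":
    for finding in review_policy(PROPOSED, [ME]):
        print(finding)
```

Run the check against the exact document you intend to submit, listing only subjects you can actually authenticate as in my_subjects.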