Bosch IoT Device Management

Work in the context of another application using the console

By default, a developer would open the Bosch IoT Suite Console from the list of service subscriptions and will thus act in the context of one specific subscription.

However, in this example we want to share one thing with another application -and act as another application to check our work.

Prerequisites

  • You have 2 subscriptions: e.g. one for things in namespace "my.namespace.example" (1) and one for things in namespace "test.demo" (2).

  • For the second subscription you will need an OAuth2 client. See Create a Suite Auth client in case you have not created one yet.

Goal

We assume the instance 2 needs to read a thing, which belongs to the instance 1.
You will update the policy of a thing my.namespace.example:device-01 of instance 1 and allow instance 2 to read the values.
By authenticating with the OAuth2 token, you will act on behalf of instance 2 to check your work.

Use the Bosch IoT Suite Console to manage your things

If you start in the Suite portal, the navigation items would be:

In case you have provisioned already devices, you should be able to see the list of Things.

Add a new policy entry to allow instance 2 to read the things path

Create a new policy entry

  • Label can be for example demo2.

  • The subject is of type "iot-suite" and holds a service instance ID of the Device Management.
    The type is mandatory, but only descriptive, so we set instance demo 2.

    The correct notation field 5 is /service-instance.<the-ID>.iot-things


  • Grant read and write permission for the Resource path "thing:/".

Now, the instance 2 should be allowed to read and write the specific thing.

images/confluence/download/attachments/1634788219/policy-forDMP.png

Change the context of the acting subject

Open a new browser tab,

Open your user details and click Act as application.

images/confluence/download/attachments/1634788219/act-as-application-change.png

A pop-up will appear where you can enter the token, which will temporarily overwrite your authentication. Thus, you will be working in the context of the instance 2.

images/confluence/download/attachments/1634788219/token-entry-field.png

Upon success, the console will read out some of the information included in that token, in order to give you the possibility to check again it is the one you wanted to be applied.

images/confluence/download/attachments/1634788219/robo-acting-as-application.png

Check your work

Check the visibility for the application

Acting as the instance 2 you should be able see the specific thing of instance 1. However, as the Things list in the developer console will show by default only the things of the current subscription (i.e. instance 2 which has another namespace) you will not see it.

However, you can add a filter for the namespace used for the thing in the subscription of origin, and make it visible.

images/confluence/download/attachments/1634788219/things-filter.png

Go back to your subscription

Click the robot and stop acting as the application.

Now you are back to your common environment.