By default, a developer would open the Bosch IoT Suite Console from the list of service subscriptions and will thus act in the context of one specific subscription.
However, in this example we want to share one thing with another application -and act as another application to check our work.
You have 2 subscriptions: e.g. one for things in namespace "my.namespace.example" (1) and one for things in namespace "test.demo" (2).
For the second subscription you will need an OAuth2 client. See Create a Suite Auth client in case you have not created one yet.
We assume the instance 2 needs to read a thing, which belongs to the instance 1.
You will update the policy of a thing my.namespace.example:device-01 of instance 1 and allow instance 2 to read the values.
By authenticating with the OAuth2 token, you will act on behalf of instance 2 to check your work.
Use the Bosch IoT Suite Console to manage your things
If you start in the Suite portal, the navigation items would be:
Subscriptions list https://accounts.bosch-iot-suite.com/subscriptions/ > your instance > click Go to Developer Console.
In case you have provisioned already devices, you should be able to see the list of Things.
Add a new policy entry to allow instance 2 to read the things path
Create a new policy entry
Label can be for example demo2.
The subject is of type "iot-suite" and holds a service instance ID of the Device Management.
The type is mandatory, but only descriptive, so we set instance demo 2.
The correct notation field 5 is /service-instance.<the-ID>.iot-things
Grant read and write permission for the Resource path "thing:/".
Now, the instance 2 should be allowed to read and write the specific thing.
Change the context of the acting subject
Open a new browser tab,
Navigate to your list of SuiteAuth clients at https://accounts.bosch-iot-suite.com/oauth2-clients/.
Click use for the token of instance 2.
Copy the token to your clipboard and navigate back to your Bosch IoT Suite Console tab.
Open your user details and click Act as application.
A pop-up will appear where you can enter the token, which will temporarily overwrite your authentication. Thus, you will be working in the context of the instance 2.
Upon success, the console will read out some of the information included in that token, in order to give you the possibility to check again it is the one you wanted to be applied.
Check your work
Check the visibility for the application
Acting as the instance 2 you should be able see the specific thing of instance 1. However, as the Things list in the developer console will show by default only the things of the current subscription (i.e. instance 2 which has another namespace) you will not see it.
However, you can add a filter for the namespace used for the thing in the subscription of origin, and make it visible.
Go back to your subscription
Click the robot and stop acting as the application.
Now you are back to your common environment.