Bosch IoT Manager

New team members querying devices from Device Inventory through Rollouts

When you subscribe your instance of Bosch IoTDevice Management, you are automatically assigned the role of an Owner and you can add other users to your subscription as Team Members with different roles - Owner, Manager, Developer, and Auditor.

In case your newly added team member experiences any problems querying devices through Bosch IoT Rollouts against Bosch IoT Manager's Device Inventory, please make sure that your policy has the proper entries, subjects and the respective read and write permissions - especially in the DEVICE-MANAGEMENT entry.

It is expected that Bosch IoT Rollouts will have the same set of read and write permissions as that of Bosch IoT Manager and Bosch IoT Things.

Below is an example of the required policy entries, subjects and permissions that you may follow as a template. This configuration works properly for Bosch IoT Hub, Things, Manager, and Rollouts all together. If your device does not communicate via Bosch IoT Hub, you do not need the DEVICE entry.

"entries": {
"DEVICE": {
"subjects": {
"integration:{service_instance_id}_things:hub": {
"type": "iot-things-integration"
}
},
"resources": {
"policy:/": {
"grant": [
"READ"
],
"revoke": []
},
"message:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
},
"thing:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
}
}
},
"DEFAULT": {
"subjects": {
"iot-suite:/service-instance.{service_instance_id}.iot-things": {
"type": "suite-auth"
}
},
"resources": {
"policy:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
},
"thing:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
},
"message:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
}
}
},
"DEVICE-MANAGEMENT": {
"subjects": {
"iot-suite:/service-instance.{service_instance_id}.iot-things@iot-manager": {
"type": "suite-auth"
},
"iot-suite:/service-instance.{service_instance_id}.iot-things@developer-console": {
"type": "suite-auth"
},
"iot-suite:/service-instance.{service_instance_id}.iot-things@iot-rollouts": {
"type": "suite-auth"
},
"integration:{service_instance_id}_things:iot-manager": {
"type": "iot-things-integration"
}
},
"resources": {
"policy:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
},
"thing:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
},
"message:/": {
"grant": [
"READ",
"WRITE"
],
"revoke": []
}
}
}
}


Find out more on team restrictions in Multi-user support.

Further policy examples

You may also refer to the policy examples section of Bosch IoT Device Management.