Policy of a solution
The solution policy defines the access rules for your solution.
Editing the solution policy is similar to editing any other policy. Any change can be powerful and can only be undone by a new request from someone who is authorized, so rule number one is: do not lock yourself out. Furthermore, it is not recommended to give other users write access to the policy, as they could also lock you out, either by mistake or on purpose.
Manage your solution programmatically
In some cases, it is useful to manage your solution programmatically.
By default, a solution’s policy looks like the following.
{
  "policyId": "com.bosch.iot.things.solution:<your-service-instance-id>",
  "entries": {
    "DEFAULT": {
      "subjects": {
        "bosch:<bosch-id-of-the-one-who-triggered-the-subscription>": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Developer": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Manager": {
          "type": "generated"
        },
        "iot-suite:/organization.<org-guid>.Owner": {
          "type": "generated"
        },
        "iot-suite:/service-instance.<your-service-instance-id>.iot-things@iot-things": {
          "type": "generated"
        }
      },
      "resources": {
        "policy:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        },
        "solution:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    },
    "DEFAULT_SOLUTION_MANAGEMENT": {
      "subjects": {
        "iot-suite:/service-instance.<your-service-instance-id>.iot-things@developer-console": {
          "type": "generated suite auth client subject"
        }
      },
      "resources": {
        "solution:/": {
          "grant": [
            "READ",
            "WRITE"
          ],
          "revoke": []
        }
      }
    }
  }
}
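A pre-submission check for the lockout rule above, as an added example (not part of the original documentation or the service's own tooling). It works on the policy JSON format shown above; the function names, the subjects "bosch:alice" and "bosch:bob" and the "OPS" entry are hypothetical, and only exact resource keys such as "policy:/" are evaluated.

```python
import json

# Constructed sample: a proposed policy edit in the format shown above.
# All IDs are placeholders; "bosch:alice" stands for your own subject.
PROPOSED = json.loads("""
{
  "policyId": "com.bosch.iot.things.solution:<your-service-instance-id>",
  "entries": {
    "DEFAULT": {
      "subjects": {"bosch:alice": {"type": "constructed example"}},
      "resources": {
        "policy:/": {"grant": ["READ"], "revoke": []},
        "solution:/": {"grant": ["READ", "WRITE"], "revoke": []}
      }
    },
    "OPS": {
      "subjects": {"bosch:bob": {"type": "constructed example"}},
      "resources": {"policy:/": {"grant": ["READ", "WRITE"], "revoke": []}}
    }
  }
}
""")


def holders(policy, resource, permission):
    # Subjects granted `permission` on `resource` and never revoked from it.
    # Assumption: only exact resource keys are compared, sub-paths are ignored.
    granted, revoked = set(), set()
    for entry in policy.get("entries", {}).values():
        rule = entry.get("resources", {}).get(resource, {})
        subjects = set(entry.get("subjects", {}))
        if permission in rule.get("grant", []):
            granted |= subjects
        if permission in rule.get("revoke", []):
            revoked |= subjects
    return granted - revoked


def review_policy_edit(policy, my_subjects):
    """Return findings to resolve before submitting the edited policy."""
    writers = holders(policy, "policy:/", "WRITE")
    findings = []
    if not writers & set(my_subjects):
        findings.append("LOCKOUT: none of your subjects keeps WRITE on policy:/")
    for other in sorted(writers - set(my_subjects)):
        findings.append(f"REVIEW: {other} can rewrite the policy")
    return findings
```

Calling `review_policy_edit(PROPOSED, ["bosch:alice"])` reports both the lockout and the other subject that could rewrite the policy; an empty list means neither condition was found.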
The subjects “iot-suite:/organization.