How to find the authorization subject IDs that I can use in policies? aka Who am I?

I know there is a documentation on the subject ID pattern (Concepts > Authentication and authorization > Policy), but how can I find out, what exact subject IDs are usable with my current authentication?

Answer

There is a REST resource (apidocs: Policies > /whoami), which will return the authorization subject IDs, that you can use with your current authentication.

It will return JSON with the following example payload:

{
  "defaultSubject": "iot-suite:<bosch-id>/service-instance.<id>.iot-things@iot-things",
  "subjects": [
    "iot-suite:<bosch-id>/service-instance.<id>.iot-things@iot-things",
    "iot-suite:/service-instance.<id>>.iot-things@iot-things",
    "iot-suite:<bosch-id>/service-instance.<id>.iot-things",
    "iot-suite:/service-instance.<id>.iot-things",
    "bosch:<bosch-id>@ciamids_3692D578-A9D4-406A-8675-0964925256AA"
  ] 
}

The defaultSubject will be used as default subject ID when creating a new thing or policy, but you will also have access to any resource that allows access for one of the subject IDs in the subjects list.

The Bosch IoT Things dashboard also shows all subject IDs for the authenticated user in the personal area pop-up.

Corporate information Data protection notice Legal information Support Free plans