Add a policy entry to the policy of a solution
Prerequisites
You are empowered to change the specific policy.
Goal
Given you have decided to empower your organization team members with role Developer to read the metrics of the managed connections.
Request
Use the API docs of Bosch IoT Things
Authorize with a fresh Suite OAuth token.
See Create a Suite Auth client for an organization rolePolicies resource:
Click Try it out
Set the policyId to the policy for your solution "com.bosch.iot.things.solution:your-service-instance-id"
Set the label to "Developer-read-metrics"
Set the Request body like in the following snippet,
but replace the <your-service-instance-id> and <your-connection-ID> with the real IDs.{
"subjects"
: {
"iot-suite-int:/organization.<your-service-instance-id>.Developer"
: {
"type"
:
"team-developer"
}
},
"resources"
: {
"solution:/connections//metrics"
: {
"grant"
: [
"READ"
],
"revoke"
: []
}
}
}
Execute.
Response
Upon success you get the status 201 "The Policy entry was successfully created."
To retrieve a the complete solution's policy request GET /policies/{policyId}.
The result should show the new entry.
{
"policyId"
:
"com.bosch.iot.things.solution:<your-service-instance-Id>"
,
"entries"
: {
"DEFAULT"
:
"same as before"
,
"DEFAULT_SOLUTION_MANAGEMENT"
:
"same as before"
,
"Developer-read-metrics"
: {
"subjects"
: {
"iot-suite-int:/organization.<your-service-instance-id>.Developer"
: {
"type"
:
"team-developer"
}
},
"resources"
: {
"solution:/connections//metrics"
: {
"grant"
: [
"READ"
],
"revoke"
: []
}
}
}
}
}
All team developers who will authenticate with SuiteAuth token which holds the role, are now allowed to request the metrics as described in our Solution HTTP API docs.
In case the Developers are not interested in all metrics, you can even empower them to read a deeper level, e.g.
solution:/connections/<your-TEST-connection-ID>/metrics/connectionMetrics/consumed
or
solution:/connections/<your-TEST-connection-ID>/metrics/connectionMetrics/enforced/success
as long as the path you describe follows the schema of a connection.