Bosch IoT Rollouts

Access Control List UI

The Access Control List UI feature allows you to list, create and manage ACL rules.

Open it by selecting the Access Control List icon from the left navigation menu.

In order to view ACLs you must have an active ACL rule with at least VIEW permissions on RESOURCE_TYPE:ACL.

View ACL rules

Once you have opened the Access Control List UI feature you will see a list of all ACL rules.

Each entry is listed with the following information, separated in columns:

  • Subject - who uses the rule

  • Resource - the resource entity that is affected by the rule. When the resource is a specific DEVICE_CONFIG, its name is a link to its detailed Device configuration view.

  • Action - the actual permissions that were granted, i.e. what the subject can do with the resource

  • Delete icon - you can delete an ACL entry with the delete icon.

Search ACL rules

When the list of ACL rules grows, finding the one of interest becomes more time-consuming.

Use the Search input field to search across all three columns at once - Subject, Resource and Action.

Create an ACL rule

To create a new ACL rule go through the following steps:

  1. Click the + icon on the right side of the view to open the New Access Control List rule dialog.

  2. Select the Subject type that will use the rule. It can be GROUP (when authenticating with an IdM role) or CLIENT (when authenticating with an OAuth2 client).

  3. Fill in the id for a specific Subject.

    • When GROUP is selected as a Subject type, you can benefit from a Subject auto-suggest with all assigned IdM roles. Just type any character to trigger it.

    • When CLIENT is selected as a Subject type, you have to paste the Client ID of your OAuth2 client. Copy it from the OAuth2 client details view of the specific client.

  4. Select the desired Resource type e.g. DEVICE_CONFIG or RESOURCE_TYPE.
    With DEVICE_CONFIG the scope of the rule will be within a particular device configuration, while with RESOURCE_TYPE the scope is global for all entries within a particular resource type.

  5. Select the specific Resource. The values will vary depending on the type that you selected above.

    1. With DEVICE_CONFIG, you will see a list of all device configurations that you are allowed to manage.

    2. With RESOURCE_TYPE, you will see a list of all resources, e.g. ACL, AUDIT_LOG or DEVICE_CONFIG.

  6. Select the desired Action i.e. the permissions that you grant to the subject over the resource.

  7. Click Create.


Your new ACL rule will be listed as part of the Access Control List.
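
The difference between the two Resource types in step 4 matters when reviewing who can reach a given device configuration. The following Python sketch is an added example, not part of the product or its API: it models the scoping as described above and lists the subjects whose rules cover one device configuration. The `Rule` class, the function names and the sample subjects and configuration names are constructed for illustration, and actions are matched exactly, without modelling any ordering between them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject_type: str   # GROUP or CLIENT
    subject_id: str     # IdM role or OAuth2 Client ID
    resource_type: str  # DEVICE_CONFIG or RESOURCE_TYPE
    resource: str       # a device configuration name, or ACL / AUDIT_LOG / DEVICE_CONFIG
    action: str

def covers(rule, kind, name, action):
    """True if `rule` grants `action` on entry `name` of resource kind `kind`."""
    if rule.action != action:
        return False  # exact match only (assumption of this model)
    if rule.resource_type == "RESOURCE_TYPE":
        # Global scope: applies to every entry of the named resource type.
        return rule.resource == kind
    # Specific scope: applies to one named entry only.
    return rule.resource_type == kind and rule.resource == name

def subjects_with(rules, kind, name, action):
    """Subjects whose rules cover the given entry, for a least-privilege review."""
    return sorted({(r.subject_type, r.subject_id)
                   for r in rules if covers(r, kind, name, action)})

def global_rules(rules):
    """Rules scoped to a whole resource type; these deserve the closest review."""
    return [r for r in rules if r.resource_type == "RESOURCE_TYPE"]

# Constructed sample rules, as they might appear in the list view.
RULES = [
    Rule("GROUP", "fleet-operators", "DEVICE_CONFIG", "plant-a-config", "VIEW"),
    Rule("CLIENT", "client-id-0001", "RESOURCE_TYPE", "DEVICE_CONFIG", "VIEW"),
    Rule("GROUP", "security-admins", "RESOURCE_TYPE", "ACL", "VIEW"),
]

if __name__ == "__main__":
    for cfg in ("plant-a-config", "plant-b-config"):
        print(cfg, subjects_with(RULES, "DEVICE_CONFIG", cfg, "VIEW"))
    for r in global_rules(RULES):
        print("global:", r.subject_type, r.subject_id, "->", r.resource, r.action)
```

In the sample, the CLIENT rule reaches every device configuration, including ones created later, while the GROUP rule for `fleet-operators` reaches only the one it names.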