Setting up users and policies

If the device manufacturer added SDA to its IoT device and supporting applications, you can authorize groups of users or single users to have access to IoT devices, and you can define the level of access they have to the device.

You define these user groups and policies in Device Management rather than on the device, and you can change these settings whenever you need - even when the device is offline.

Creating user groups

In Device Management Portal, you can define groups that contain different types of user, such as OEM technicians, service technicians or device users. This enables you to give different groups of users different levels of access to the IoT device. For example, a junior technician may only be able to carry out basic maintenance tasks, whereas a senior technician can perform a broader range of tasks, including firmware upgrades.

For more information, see the Groups page.

Defining access policies

You use policies to define the operations a user or group of users can perform on the IoT device. An access policy defines:

• How long an access token is valid (from one hour to two weeks).
• The scope of the policy and whether the user has:
  • Full access to the settings and maintenance tasks on the IoT device.
  • Partial access to the IoT device, which restricts the user to a limited set of operations.
• Which devices are covered by the policy. You can reference devices in a policy using the device IDs, endpoint names or the values of custom attributes.
• Which users or user groups this policy includes.

The Portal guides you through a set of steps to define a policy. For more information, see the Access Policies page.