Access Control
Access Control is how you manage which users and external applications can create, read, update or delete information in SmartWorks IoT.
It allows you to set authorization rules for every piece of your IoT platform. With them you can set boundaries on what a user or client can do within a specific Space.
For example, as a Space administrator, you might want a user to be able to see all Things within a Collection, but not modify them. Perhaps you want to make a Collection completely private to a few users, or maybe you want to create an App whose only permission is to invoke a specific Function. All these (and other) permissions can be set using the Access Control system.
SmartWorks IoT's Access Control system lets you create anything from broad to fine-grained permissions. This flexibility comes at a price: complexity. Access Control is powerful, but you have to know how the authorization rules are evaluated if your goal is to build a complex, hierarchical permission Policy. Fortunately, you have this guide.
How Access Control Works
- Policies: A Policy is an authorization rule that a user or client has over a specific resource. You could describe a certain Policy like: "Allow Alice to read and update the properties of any Thing in Collection my_collection".
- Roles: A Role is a group of Policies that can be assigned to a user or client. It allows you to create reusable and hierarchical permissions.
That's all you need to create a permission system inside a Space.
When a user or a client tries to access a resource it has not been granted access to, the REST API returns a response with a 403 (Forbidden) status code, meaning the caller is not authorized to perform that action on that resource. In HTTP terms this is distinct from a 401, which indicates missing or invalid credentials: a 403 tells you the identity was accepted but no Policy or Role grants it the requested action.
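To make the Policy and Role model and the deny-by-default 403 behaviour concrete, here is an added toy evaluator. It is an illustration written for this guide, not SmartWorks IoT's own API or policy format: the resource naming scheme ("collection/<name>/thing/<id>", "function/<name>"), the action names, the principal names ("alice", "report-app") and the Python classes are all assumptions chosen for the example. It models the Alice rule from above as a Role hierarchy (an editor Role inheriting a viewer Role) and an App that may only invoke one Function, and it returns 200 or 403 the way the REST API outcome was described.

```python
"""Toy model of Policy / Role authorization inside a Space.

Constructed illustration only: SmartWorks IoT's real Access Control API,
resource naming and policy format are not reproduced here. Resource names
use the hypothetical form "collection/<name>/thing/<id>" and "function/<name>".
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    """One authorization rule: a set of allowed actions on a resource pattern."""
    actions: frozenset
    resource: str  # "/"-separated segments; "*" matches exactly one whole segment


def matches(pattern: str, resource: str) -> bool:
    """Segment-wise match so a '*' never spans a '/' boundary.

    'collection/my_collection/thing/*' matches 'collection/my_collection/thing/t1'
    but neither 'collection/other/thing/t1' nor a deeper path such as
    'collection/my_collection/thing/t1/property/x'.
    """
    p, r = pattern.split("/"), resource.split("/")
    return len(p) == len(r) and all(a == "*" or a == b for a, b in zip(p, r))


@dataclass
class Role:
    """A reusable, named group of Policies; `parents` builds the hierarchy."""
    name: str
    policies: list = field(default_factory=list)
    parents: list = field(default_factory=list)

    def effective_policies(self) -> list:
        """Own policies plus everything inherited, with cycle protection."""
        out, seen, stack = [], set(), [self]
        while stack:
            role = stack.pop()
            if role.name in seen:
                continue
            seen.add(role.name)
            out.extend(role.policies)
            stack.extend(role.parents)
        return out


class Space:
    """Deny-by-default scope: a principal (user or client) may perform an action
    only if some Policy, granted directly or via a Role, explicitly allows it."""

    def __init__(self):
        self.direct = {}  # principal -> [Policy]
        self.roles = {}   # principal -> [Role]

    def grant(self, principal: str, policy: Policy) -> None:
        self.direct.setdefault(principal, []).append(policy)

    def assign(self, principal: str, role: Role) -> None:
        self.roles.setdefault(principal, []).append(role)

    def policies_for(self, principal: str) -> list:
        pols = list(self.direct.get(principal, []))
        for role in self.roles.get(principal, []):
            pols.extend(role.effective_policies())
        return pols

    def is_allowed(self, principal: str, action: str, resource: str) -> bool:
        return any(action in p.actions and matches(p.resource, resource)
                   for p in self.policies_for(principal))

    def handle_request(self, principal: str, action: str, resource: str) -> int:
        """Mimic the REST API outcome: 200 when granted, 403 otherwise."""
        return 200 if self.is_allowed(principal, action, resource) else 403


def build_demo_space() -> Space:
    """Hypothetical Space: Alice is an editor of my_collection's Things;
    report-app may only invoke one Function."""
    things = "collection/my_collection/thing/*"
    viewer = Role("viewer", [Policy(frozenset({"read"}), things)])
    editor = Role("editor", [Policy(frozenset({"update"}), things)], parents=[viewer])
    space = Space()
    space.assign("alice", editor)  # read comes from viewer, update from editor
    space.grant("report-app", Policy(frozenset({"invoke"}), "function/generate_report"))
    return space


if __name__ == "__main__":
    s = build_demo_space()
    for who, action, res in [
        ("alice", "read", "collection/my_collection/thing/t1"),
        ("alice", "delete", "collection/my_collection/thing/t1"),
        ("alice", "read", "collection/other/thing/t1"),
        ("report-app", "invoke", "function/generate_report"),
        ("report-app", "read", "collection/my_collection/thing/t1"),
    ]:
        print(f"{who:11} {action:7} {res:40} -> {s.handle_request(who, action, res)}")
```

Two design points worth carrying over to real Policies: evaluation is deny-by-default, so an unknown principal or an action no rule mentions yields 403 rather than an accidental grant, and the wildcard matches one path segment only, so a rule scoped to the Things of one Collection cannot silently widen to another Collection or to nested properties.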