I have created a MO via postman and sent measurements, events, etc… using my user creds.
Now I would like to send measurement using device credentials.However I am getting an Access denied.
Since I did not use the proper step by step approach for device registration, I am wondering if that could be the root cause (The MO was created before the reg).
Below are my steps:
Created a new device request with unique id ABC
Ask for deviceCreds
Accept the device Request
Ask for deviceCreds again and they are provided to me.
Relate id ABC to the MO i created a few days ago
From there I use my device credentials in Postman:
GET {{url}}/identity/externalIds/c8y_Serial/ABC : works
GET {{url}}/inventory/managedObjects/{{Moid}}: works
PUT {{url}}/inventory/managedObjects/{{Moid}}: access denied
GET {{url}}/user/currentUser : works and i can see the device_ABC has all the necessary roles to READ/CREATE/ADMIN
In order to create attached data like measurements or events for your device, your user needs the permissions to do so.
For the REST API our roles and permission configuration applies. Typically device users (the ones obtained through device bootstrap) don’t have global write permissions on any object. Device users typically gain the permissions to write their own data by being the owner of their own device managed object. If the device creates the device as intended in the standard process the device user is automatically assigned as owner. In cases where another user creates the device for the device it is usually necessary that the device user is assigned as owner later.
For MQTT connected devices we don’t apply the roles and permissions. For these devices only the owner user can write data.