PUT/POST not possible using device credentials

Hi,

I have created a MO via postman and sent measurements, events, etc… using my user creds.
Now I would like to send measurement using device credentials.However I am getting an Access denied.
Since I did not use the proper step by step approach for device registration, I am wondering if that could be the root cause (The MO was created before the reg).
Below are my steps:

  • Created a new device request with unique id ABC
  • Ask for deviceCreds
  • Accept the device Request
  • Ask for deviceCreds again and they are provided to me.
  • Relate id ABC to the MO i created a few days ago

From there I use my device credentials in Postman:

  • GET {{url}}/identity/externalIds/c8y_Serial/ABC : works
  • GET {{url}}/inventory/managedObjects/{{Moid}}: works
  • PUT {{url}}/inventory/managedObjects/{{Moid}}: access denied
  • GET {{url}}/user/currentUser : works and i can see the device_ABC has all the necessary roles to READ/CREATE/ADMIN

Any idea what i m missing?
thanks

Hi Melanie,

You also need to change the owner of your managedObject to the device user.

Regards,
Tristan

2 Likes

In order to create attached data like measurements or events for your device, your user needs the permissions to do so.

For the REST API our roles and permission configuration applies. Typically device users (the ones obtained through device bootstrap) don’t have global write permissions on any object. Device users typically gain the permissions to write their own data by being the owner of their own device managed object. If the device creates the device as intended in the standard process the device user is automatically assigned as owner. In cases where another user creates the device for the device it is usually necessary that the device user is assigned as owner later.

For MQTT connected devices we don’t apply the roles and permissions. For these devices only the owner user can write data.

2 Likes

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.