Device Policies
Device policies are JSON documents that enable you to manage access to the OmniCore data plane. This data plane comprises various operations that let you connect to the OmniCore message broker, exchange MQTT messages, and manage Broadcast permissions and granular access to topics using regex expressions.
Please note that changes made to a policy may not take immediate effect due to OmniCore's policy document caching mechanism. Therefore, you may need to wait a couple of minutes before accessing a resource that has recently been granted access, and a resource may remain accessible for a few minutes even after its access has been revoked.
Available Policies
| Name | Details |
|---|---|
| oc:Connect | Represents the permission to connect to the OmniCore message broker. The oc:Connect permission is checked every time a CONNECT request is sent to the broker. The message broker doesn't allow two clients with the same client ID to stay connected at the same time. After the second client connects, the broker closes the existing connection. Use the oc:Connect permission to ensure only authorized clients using a specific client ID can connect. |
| oc:PublishState | Represents the permission to publish state to MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. You can use this to allow clients to publish to specific topic patterns. /registry_id/device_id/state Note: To grant oc:PublishState permission, you must also grant oc:Connect permission. |
| oc:PublishEvents | Represents the permission to publish events to MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. /registry_id/device_id/events/* Note: To grant oc:PublishEvents permission, you must also grant oc:Connect permission. |
| oc:PublishEventsRegex | Represents the regex for subfolders, permission to publish events to MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. You can use this to allow clients to publish to specific topic patterns. /registry_id/device_id/events/regex |
| oc:PublishLoopback | Represents the permission to publish to MQTT topic for quick test on OmniCore UI. This permission is checked every time a PUBLISH request is sent to the broker to Loopback topic. /registry_id/device_id/PublishLoopback/ Note: To grant oc:PublishLoopbackpermission, you must also grant oc:Connect permission. |
| oc:SubscribeCommand | Represents the permission to subscribe to a Commands topic. /registry_id/device_id/commands Note: To grant oc:SubscribeCommands permission, you must also grant oc:Connect permission. |
| oc:SubscribeCommandRegex | Regex for the commands subfolder /registry_id/device_id/commands/subfolder |
| oc:SubscribeConfig | Represents the permission to subscribe to a Configuration topic. /registry_id/device_id/configs Note: To grant oc: SubscribeConfiguration permission, you must also grant oc:Connect permission. |
| oc:SubscribeBroadcast | Represents the permission to subscribe to a Commands topic. /registryid//broadcast |
| oc:SubscribeBroadcastRegex | Regex for the Broadcast subfolder /registryid//broadcast/subfolder |
Sample Policy
{
"Connect": true,
"PublishState": true,
"PublishEvents": true,
"PublishEventsRegex": ".*",
"PublishLoopback": true,
"SubscribeCommand": true,
"SubscribeCommandRegex": ".*",
"SubscribeBroadcast": true,
"SubscribeBroadcastRegex": ".*",
"SubscribeConfig": true
}
Regex for Topic Names
The names of Command Subscriptions, Event Publications, and Broadcast MQTT Topics can be more closely managed using regular expressions. A requirement is that the topic names should consist entirely of alphabetic characters and must be between 3 and 12 characters in length.
| Regular Expresson | Details |
|---|---|
| ^[a-zA-Z]{2}$ | Match exactly 2 letters |
| ^[a-zA-Z]{4}$ | Match exactly 4 letters |
| ^[a-zA-Z]{2,4}$ | Match between 2 and 4 letters v |
| ^[a-zA-Z]{5}$ | Match exactly 5 letters |
| ^[a-zA-Z]{2,6}$ | Match between 2 and 6 letters |
| ^[a-zA-Z]{7}$ | Match exactly 7 letters |
| ^[a-zA-Z]{8,12}$ | Match between 8 and 12 letters |
| ^[a-zA-Z]{2,12}$ | Match between 2 and 12 letters |
| ^[a-zA-Z]{2,6}$ | Match between 2 and 6 letters |
| ^[a-zA-Z]{2,9}$ | Match between 2 and 9 letters |
Updating Device Policy
There are two options to update Policy associated with a Device.
OmniCore Portal
In Device page you will find a policy generator. It generates the policy json for the device.
OmniCore API or SDK
You can update policy through api or sdk also.