
Device Policies

Device policies are JSON documents that let you manage access to the OmniCore data plane. The data plane comprises the operations that let you connect to the OmniCore message broker, exchange MQTT messages, and manage Broadcast permissions and granular access to topics using regular expressions.

Please note that changes made to a policy may not take immediate effect due to OmniCore's policy document caching mechanism. Therefore, you may need to wait a couple of minutes before accessing a resource that has recently been granted access, and a resource may remain accessible for a few minutes even after its access has been revoked.




Available Policies

| Name | Details | Topic |
| --- | --- | --- |
| oc:Connect | Represents the permission to connect to the OmniCore message broker. The oc:Connect permission is checked every time a CONNECT request is sent to the broker. The message broker doesn't allow two clients with the same client ID to stay connected at the same time. After the second client connects, the broker closes the existing connection. Use the oc:Connect permission to ensure only authorized clients using a specific client ID can connect. | |
| oc:PublishState | Represents the permission to publish state to an MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. You can use this to allow clients to publish to specific topic patterns. Note: To grant oc:PublishState permission, you must also grant oc:Connect permission. | /registry_id/device_id/state |
| oc:PublishEvents | Represents the permission to publish events to an MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. Note: To grant oc:PublishEvents permission, you must also grant oc:Connect permission. | /registry_id/device_id/events/* |
| oc:PublishEventsRegex | Represents the regex for subfolders covered by the permission to publish events to an MQTT topic. This permission is checked every time a PUBLISH request is sent to the broker. You can use this to allow clients to publish to specific topic patterns. | /registry_id/device_id/events/regex |
| oc:PublishLoopback | Represents the permission to publish to an MQTT topic for a quick test on the OmniCore UI. This permission is checked every time a PUBLISH request is sent to the broker for the Loopback topic. Note: To grant oc:PublishLoopback permission, you must also grant oc:Connect permission. | /registry_id/device_id/PublishLoopback/ |
| oc:SubscribeCommand | Represents the permission to subscribe to a Commands topic. Note: To grant oc:SubscribeCommands permission, you must also grant oc:Connect permission. | /registry_id/device_id/commands |
| oc:SubscribeCommandRegex | Regex for the commands subfolder. | /registry_id/device_id/commands/subfolder |
| oc:SubscribeConfig | Represents the permission to subscribe to a Configuration topic. Note: To grant oc:SubscribeConfiguration permission, you must also grant oc:Connect permission. | /registry_id/device_id/configs |
| oc:SubscribeBroadcast | Represents the permission to subscribe to a Commands topic. | /registryid//broadcast |
| oc:SubscribeBroadcastRegex | Regex for the Broadcast subfolder. | /registryid//broadcast/subfolder |

Sample Policy

policy in json
{
  "Connect": true,
  "PublishState": true,
  "PublishEvents": true,
  "PublishEventsRegex": ".*",
  "PublishLoopback": true,
  "SubscribeCommand": true,
  "SubscribeCommandRegex": ".*",
  "SubscribeBroadcast": true,
  "SubscribeBroadcastRegex": ".*",
  "SubscribeConfig": true
}

Regex for Topic Names

The names of Command Subscriptions, Event Publications, and Broadcast MQTT Topics can be more closely managed using regular expressions. A requirement is that the topic names should consist entirely of alphabetic characters and must be between 3 and 12 characters in length.

| Regular Expression | Details |
| --- | --- |
| ^[a-zA-Z]{2}$ | Match exactly 2 letters |
| ^[a-zA-Z]{4}$ | Match exactly 4 letters |
| ^[a-zA-Z]{2,4}$ | Match between 2 and 4 letters |
| ^[a-zA-Z]{5}$ | Match exactly 5 letters |
| ^[a-zA-Z]{2,6}$ | Match between 2 and 6 letters |
| ^[a-zA-Z]{7}$ | Match exactly 7 letters |
| ^[a-zA-Z]{8,12}$ | Match between 8 and 12 letters |
| ^[a-zA-Z]{2,12}$ | Match between 2 and 12 letters |
| ^[a-zA-Z]{2,9}$ | Match between 2 and 9 letters |
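The sample policy above sets every regex key to ".*", while the table here uses anchored letter classes. The following linter is an added example, not OmniCore code: it flags regex keys that are unanchored or that accept names outside the stated naming rule, and permissions granted without Connect. The function name, probe names, excerpted sample and tightened pattern are constructed for illustration, and how the broker applies the pattern (search versus full match) is an assumption.

```python
import json
import re

# Permissions whose notes on this page require Connect to be granted as well.
NEEDS_CONNECT = ("PublishState", "PublishEvents", "PublishLoopback",
                 "SubscribeCommand", "SubscribeConfig")
REGEX_KEYS = ("PublishEventsRegex", "SubscribeCommandRegex",
              "SubscribeBroadcastRegex")
# Constructed probe names that break the naming rule stated on this page
# (alphabetic characters only, at most 12 of them).
PROBES = ("", "a" * 13, "cmd1", "fw/update", "+", "#")


def lint_policy(policy):
    """Return a list of findings for one device policy (a dict)."""
    findings = []
    if not policy.get("Connect"):
        findings += [f"{key} granted without Connect"
                     for key in NEEDS_CONNECT if policy.get(key)]
    for key in REGEX_KEYS:
        pattern = policy.get(key)
        if pattern is None:
            continue
        try:
            compiled = re.compile(pattern)
        except re.error as exc:
            findings.append(f"{key}: invalid regex ({exc})")
            continue
        if not (pattern.startswith("^") and pattern.endswith("$")):
            findings.append(f"{key}: not anchored with ^ and $")
        # Assumption: the broker may apply the pattern as an unanchored search.
        hits = [name for name in PROBES if compiled.search(name)]
        if hits:
            findings.append(f"{key}: accepts out-of-rule names {hits}")
    return findings


# Excerpt of the page's sample policy (regex keys set to ".*") and a
# constructed, tightened variant in the anchored form of the regex table.
PAGE_SAMPLE = json.loads('{"Connect": true, "PublishEvents": true, '
                         '"PublishEventsRegex": ".*", "SubscribeCommand": true, '
                         '"SubscribeCommandRegex": ".*"}')
TIGHTENED = dict(PAGE_SAMPLE, PublishEventsRegex="^[a-zA-Z]{3,12}$",
                 SubscribeCommandRegex="^[a-zA-Z]{3,12}$")

if __name__ == "__main__":
    for name, policy in (("page sample", PAGE_SAMPLE), ("tightened", TIGHTENED)):
        print(name, lint_policy(policy) or "no findings")
```

Running a check like this before each policy update makes a permissive pattern visible at review time, which matters because a mistaken grant can stay effective for a few minutes under the policy caching described earlier.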

Updating Device Policy

There are two ways to update the policy associated with a device.

OmniCore Portal

On the Device page you will find a policy generator, which generates the policy JSON for the device.

OmniCore API or SDK

You can also update the policy through the API or SDK.

  1. Update Device Policies
  2. Get Device Policies