Overview

ROMA Connect provides strict permissions management for user resources. By default, IAM users can view and manage only self-created integration applications and resources under the same instance, but not integration applications and resources created by other IAM users. With integration application authorization, IAM users can share applications and resources with other IAM users under the same account.

The application authorization management function is used to control only the application permissions shared by users. The IAM controls whether users have the permission to perform operations on application objects.

Configuring Integration Application Authorization

1. Log in to the ROMA Connect console. On the Instances page, click View Console next to a specific instance.
2. In the navigation pane on the left, choose Integration Applications. On the page displayed, locate the target integration application and click Application Authorization Management.
   

   A primary account can grant permissions for integration applications created by all IAM users, but an IAM user can grant permissions only for self-created integration applications.

3. In the Application Authorization Management dialog box displayed, select the IAM user to be authorized in the Users pane and grant permissions to the selected user in the Selected pane. You can grant permissions to each user separately or click on the right of Permission to grant permissions to all selected users in batches.
   Figure 1 Granting permissions for applications
   

   Table 1 User permissions for applications

   Permission	FDI	APIC	MQS	LINK
   Read	View data sources of applications.	View, debug, and export APIs of applications.	View topics of applications.	View devices, products, and rules of applications, and export devices and products for debugging.
   Modify	Create and edit data sources under an application.	Create, edit, release, take APIs offline, and import APIs under an application.	Create a topic under an application.	Create and edit devices, products, and rules under an application, import devices and products, and reset device and product passwords.
   Delete	Delete data sources of an application.	Delete APIs of an application.	Delete topics of an application.	Delete devices, products, and rules of an application, as well as product attributes, device topics, rule data source, and rule data destination.
   Access	N/A	Configure authorization, access control, traffic control, and signature key binding for APIs of applications.	Configure application and user permissions for topics of applications.	Deliver commands to devices, exported devices, and configure codecs for devices that use the OPC UA or Modbus protocol.
   admin	Permission of the application administrator.

4. Click OK.

   In the integration application list, click on the left of an integration application to view the IAM users who have been granted permissions, and the permission scope.

5. Log in to the ROMA Connect console as the IAM user authorized in 3 and access the corresponding ROMA Connect instance to check whether the user has the management permissions on the integration application and resources.