Help Center/ IoT Device Access/ Service Overview/ Security/ Identity Authentication and Access Control
Updated on 2024-10-31 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

You are required to carry your identity credential and verify the identity validity when calling IoTDA APIs. Different identity credentials are used in the following IoTDA access scenarios:

  • IoTDA application APIs support authentication using an IAM token or access key (AK/SK). For details, see Authentication.
  • For MQTT device connection authentication, carry the client ID, device ID, and encrypted device secret. For details, see Device Connection Authentication.
  • For HTTP device connection authentication, carry the device ID, password authentication mode, timestamp, and encrypted device secret. For details, see Authenticating a Device.
  • For authenticating the connection between the AMQP client and IoTDA, carry accessKey and accessCode. For details, see AMQP Client Access.

Access Control

IoTDA supports access control through IAM. IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by IoTDA to the user group. Then, all users in this group automatically inherit the granted permissions.

IAM presets system permissions for each cloud service so that you can quickly configure basic permissions. The following table describes all system permissions of IoTDA.

Table 1 All system permissions of IoTDA

Role/Policy Name

Description

Type

Tenant Administrator

Permissions to perform all operations on all services except IAM

System-defined role

Tenant Guest

Permissions to perform read-only operations on all services except IAM

System-defined role

IoTDA FullAccess

Permissions to perform all operations on IoTDA resources.

System-defined policy

IoTDA ReadOnlyAccess

Permissions to perform read-only operations on IoTDA resources.

System-defined policy