Usage
Process
- Policy creation: A user creates a device policy on the console. For details, see Examples.
- Device authentication: An MQTT device initiates a connection authentication request. For details about authentication parameters, see Device Connection Authentication.
- Message subscription or publishing: The device requests to publish or subscribe to messages on a specific topic on the cloud server.
- Policy authentication: The cloud server filters topics subscribed to or published by the device based on the policy. If the device is not allowed to subscribe to the topic, the cloud server returns a failure ACK message and the subscription fails. Otherwise, a successful ACK message is returned, indicating that the subscription is successful.
- Data push: Messages successfully published by the device can be pushed to the application through data transfer.
Procedure
The following example describes how to set topic policies and bind policy targets on the IoTDA console for MQTT devices.
- Go to the policy page. Access the IoTDA service page and click Access Console. Click the target instance card. In the navigation pane, choose Devices > Policies.
Figure 2 Device policy - Access page
- Create a policy. Click Create Policy, set policy parameters based on service requirements, and click Generate. The following figure shows the example parameter values.
Figure 3 Device policy - Creating a policy
Table 1 Parameter description

| Parameter | Description |
| --- | --- |
| Resource Space | Select a resource space from the drop-down list box or create one. |
| Policy Name | Customize a value, for example, PolicyTest. The value is a string of no more than 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
| Resource | For MQTT topic publishing and subscription, topic: must be used as the parameter prefix. For example, to forbid the subscription to /test/v1, set this parameter to topic:/test/v1. |
| Operation | Options: Publish and Subscribe, meaning the topic publishing and subscription requests of MQTT devices. |
| Permission | Options: Allowed and Denied, meaning whether the permission to publish or subscribe to messages of a topic is assigned. |
- Bind the policy target. A policy can be bound to resource spaces, products, or devices. The bound devices are allowed or disallowed to publish or subscribe to messages through a specific topic accordingly.
Figure 4 Device policy - Binding a device
Table 2 Parameter description

| Parameter | Description |
| --- | --- |
| Target Type | You can set resource spaces, products, or devices as the target type. The three types can coexist. For example, product A and device C (under product B) can be bound to the same policy. Resource space: used for domain-based management of multiple service applications. After a resource space is bound to a policy, all devices in this resource space adopt the policy. You can also select multiple resource spaces for binding. Product: Generally, a product has multiple devices. After a product is bound to a policy, all devices of this product adopt the policy. Compared with the resource space, the binding scope is smaller. You can select products in different resource spaces for binding. Device: minimum unit for the target bound to a policy. You can select devices from different resource spaces and products for binding. |
| Target | After you select a policy target type, available targets are displayed in the Target area. Select targets as required. |
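
The parameter rules in Table 1 and the binding scopes in Table 2 can be checked offline before a policy is created on the console. The following Python is an added example, not Huawei Cloud code or an IoTDA API: it validates a policy definition and simulates which bound policies apply to a device. Assumptions not stated on this page: the target-type labels and device fields, ASCII-only policy names, exact topic matching, Denied taking precedence, and the result when no statement matches (the `default` argument).

```python
import re
from dataclasses import dataclass

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # Policy Name rule from Table 1 (ASCII assumed)
OPERATIONS = {"Publish", "Subscribe"}          # Operation options from Table 1
PERMISSIONS = {"Allowed", "Denied"}            # Permission options from Table 1

@dataclass(frozen=True)
class Policy:
    name: str
    statements: tuple    # (resource, operation, permission) triples
    targets: frozenset   # (target_type, id) pairs; hypothetical type labels

def lint(policy):
    """Return the problems found when checking a policy against Table 1."""
    problems = []
    if not NAME_RE.fullmatch(policy.name):
        problems.append(f"invalid policy name {policy.name!r}")
    for resource, operation, permission in policy.statements:
        if not resource.startswith("topic:") or resource == "topic:":
            problems.append(f"resource {resource!r} lacks 'topic:' prefix or topic")
        if operation not in OPERATIONS:
            problems.append(f"unknown operation {operation!r}")
        if permission not in PERMISSIONS:
            problems.append(f"unknown permission {permission!r}")
    return problems

def decide(policies, device, operation, topic, default="Allowed"):
    """Simulate the decision for one request from `device`.

    Assumptions, not stated on the page: topics match exactly, any Denied
    hit wins, and `default` applies when no bound statement matches.
    """
    scopes = {("space", device["space"]), ("product", device["product"]),
              ("device", device["id"])}
    hits = {perm for p in policies if p.targets & scopes
            for res, op, perm in p.statements
            if op == operation and res == "topic:" + topic}
    if "Denied" in hits:
        return "Denied"
    return "Allowed" if hits else default

# Constructed sample data: one policy bound to a product and a single device.
POLICY_TEST = Policy("PolicyTest",
                     (("topic:/test/v1", "Subscribe", "Denied"),
                      ("topic:/test/v1", "Publish", "Allowed")),
                     frozenset({("product", "productA"), ("device", "deviceC")}))
DEVICE_C = {"id": "deviceC", "space": "space1", "product": "productB"}
DEVICE_X = {"id": "deviceX", "space": "space1", "product": "productB"}
```

Running `decide` for every device and topic you expect to be blocked, before binding a policy to a whole resource space or product, shows which devices fall outside the binding scope and would rely on the default behaviour.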