Open API SA Authorization¶
The management of Open API’s access permissions to TSDB data is achieved through Service Account and permission policies.
This tutorial will guide you to use Service Account to access TSDB data through Open API. The administrator needs to create a permission policy, then bind the permission policy to the asset tree, and finally apply the permission policy to a certain Service Account. You can read and write data and control assets through the permissions of the Service Account.
Create Asset Tree¶
Log in to the EnOS Management Console and select Asset Trees from the left navigation bar.
Click the + button in the upper left corner to create a new asset tree.
In the Create Asset Tree pop-out box, enter the asset tree name and click Next.
Select Bind to Existing Asset, and click Next.
Select the asset to be associated and click Confirm to add the device to the asset tree.
Create Permission Policy¶
Log in to the EnOS Management Console and select Identity and Access Management > Policy from the left navigation bar.
Click New Policy.
On the Basic Information page, fill in the basic information of the policy and click Next.
Click New Service > Asset inn the upper right corner, tick the following:
Resouce:Tick
Assign
, and select the previously created asset tree.Action:Grant corresponding read, write and control permissions as needed.
Click Save to create the permission policy.
SA Authorization¶
Log in to the EnOS Management Console and select Identity and Access Management > Service Account from the left navigation bar.
Click the Authorize at the end of the service account that requires authorization.
Click Assign Policies, in the Authorize pop-out box, Select the permission policy to be added.
Click Save to complete SA authorization of Open API.