Permissions for Service Accounts
Before performing the following operations through an application, authorization must be given to the service account of the application.
- Accessing the resources in EnOS through APIs。
- Consumption of subscription data
This section shows the specific permissions needed by the service account when the application performs operations such as invoking EnOS APIs and consumption of subscription data.
EnOS APIs
The permissions requried for invoking EnOS APIs are as follows.
Model Service
| API |
Required Authorization |
Operation Permission |
|---|
| Get Thing Model |
Model Management |
Read |
| Search Thing Model |
Model Management |
Read |
Connection Service
Product
| API |
Required Authorization |
Operation Permission |
|---|
| Create Product |
Device Management |
Full Access |
| Delete Product |
Device Management |
Full Access |
| Get Product |
Device Management |
Read |
| Search Product |
Device Management |
Read |
| Update Product |
Device Management |
Full Access |
Device
| API |
Required Authorization |
Operation Permission |
|---|
| Create Device |
Device Management |
Full Access |
| Delete Device |
Device Management |
Full Access |
| Disable Device |
Device Management |
Full Access |
| Enable Device |
Device Management |
Full Access |
| Get Device |
Device Management |
Read |
| Replace Device |
Device Management |
Full Access |
| Search Device |
Device Management |
Read |
| Update Device |
Asset |
Write |
| Get Device Statistics |
Device Management |
Read |
Certificate
| API |
Required Authorization |
Operation Permission |
|---|
| Apply Certificate |
Device Management |
Full Access |
| Renew Certificate |
Device Management |
Full Access |
| Revoke Certificate |
Device Management |
Full Access |
| List Certificate |
Device Management |
Read |
Gateway and Sub-Device
| API |
Required Authorization |
Operation Permission |
|---|
| Add Sub-Device |
Device Management |
Full Access |
| Get Gateway |
Device Management |
Read |
| Remove Sub-Device |
Device Management |
Full Access |
| Search Sub-Device |
Device Management |
Read |
Device Data
| API |
Required Authorization |
Operation Permission |
|---|
| Cancel Command |
Asset |
Control |
| Get Command |
Asset |
Read |
| Get Event |
Asset |
Read |
| Get Latest Measurement Points |
Asset |
Read |
| Invoke Service |
Asset |
Control |
| Search Command |
Asset |
Read |
| Search Event |
Asset |
Read |
| Set Measurepoint Point |
Asset |
Control |
| Delete File |
Asset |
Write |
| Download File |
Asset |
Read |
HTTP Message Integration
| API |
Required Authorization |
Operation Permission |
|---|
| Upload Attribute |
Asset |
Write |
| Upload Events |
Asset |
Write |
| Upload Measurement Points |
Asset |
Write |
Firmware Management
| API |
Required Authorization |
Operation Permission |
|---|
| Create Firmware File |
Device Management |
Full Access |
| Get Firmware File |
Device Management |
Read |
| List Device Current Firmware |
Device Management |
Read |
| Search Firmware File |
Device Management |
Read |
| Search Device Upgrade |
Device Management |
Read |
| Delete Firmware |
Device Management |
Full Access |
Firmware OTA Upgrade Management
| API |
Required Authorization |
Operation Permission |
|---|
| Create OTA Job |
Device Management |
Full Access |
| Get OTA Job |
Device Management |
Read |
| Search OTA Job |
Device Management |
Read |
| Search OTA Task |
Device Management |
Read |
| Start OTA Job |
Device Management |
Full Access |
| Stop OTA Job |
Device Management |
Full Access |
| Delete OTA Job |
Device Management |
Full Access |
| Cancel OTA Task |
Device Management |
Full Access |
| Retry OTA Task |
Device Management |
Full Access |
Asset Service
| API |
Required Authorization |
Operation Permission |
|---|
| Get Asset |
Asset Tree Management |
Read |
| Update Asset |
Asset Tree Management |
Full Access |
| Create Logical Asset |
Asset Tree Management |
Full Access |
| Update Logical Asset |
Asset Tree Management |
Full Access |
| Delete Logical Asset |
Asset Tree Management |
Full Access |
Asset Tree Service
Asset Tree
| API |
Required Authorization |
Operation Permission |
|---|
| Create Asset Tree |
Asset Tree Management |
Full Access |
| Create Asset Tree and Associate Asset |
Asset Tree Management |
Full Access |
| Delete Asset Tree |
Asset Tree Management |
Full Access |
| Get Asset Tree |
Asset Tree Management |
Read |
| Search Asset Tree |
Asset Tree Management |
Read |
| Update Asset Tree |
Asset Tree Management |
Full Access |
Asset Tree Node
| API |
Required Authorization |
Operation Permission |
|---|
| Associate Asset |
Asset Tree Management |
Full Access |
| Create and Associate Asset |
Asset Tree Management |
Full Access |
| Delete Asset Node |
Asset Tree Management |
Full Access |
| Search Asset Node |
Asset Tree Management |
Read |
| Search Related Asset Node |
Asset Tree Management |
Read |
| Get Asset Trees |
Asset Tree Management |
Read |
| Search Asset Path |
Asset Tree Management |
Read |
TSDB Data Service
| API |
Required Authorization |
Operation Permission |
|---|
| Filter Asset Latest Data |
Asset |
Read |
| Get Asset AI Data with Aggregation Logic |
Asset |
Read |
| Get Asset AI Raw Data |
Asset |
Read |
| Get Asset Current Day Electric Power |
Asset |
Read |
| Get Asset DI Data |
Asset |
Read |
| Get Asset DI Data Duration |
Asset |
Read |
| Get Asset Electric Power Data |
Asset |
Read |
| Get Asset Generic Data |
Asset |
Read |
| Get Asset Latest Data |
Asset |
Read |
| Get Asset Raw Data By Time Range |
Asset |
Read |
Other EnOS API Services
No special permission requirements.
Consumption of Subscription Data
When creating a data subscription task, the service account associated with the task should have already been granted “Read” permission for the asset data. Otherwise, the subscription task will fail authentication and will not be able to subscribe to the data.