Grantee Management

A grantee can be real-life person (a classical user) wanting to read/write data or administrate things using the Connectware’s web application. A grantee can also be another software program that reads/write data for further processing, or accesses the Connectware’s REST-API directly.

In short: A grantee is a known identity with a associated set of data and/or administrative access permissions.

Grantees are managed using the web-based interface of the Connectware. You can add or delete grantees, edit permissions or change the password for a single grantee.

Note

The logged in user has to be granted grantee management rights in the API access permissions.

Create grantee with permissions

Once you have opened the entry screen of the Connectware interface:

  1. If the navigation panel is not displayed on the left side click the menu icon in the upper left corner.
../_images/1_webui_services.PNG
  1. On the navigation panel click on Grantees.
../_images/1_menu_view.PNG
  1. Press the + button in the bottom right corner of the Grantees view to add a grantee.

    ../_images/2_grantees_view.PNG
  2. Enter the grantee name and password in the Add Grantee dialog and click Create.

  3. Click the Edit permissions icon in the Actions column of the created grantee.

../_images/3_edit_grantee.png
  1. To create read or write permissions for the selected grantee on a specified MQTT topic press the + button in the bottom right corner of the Data Access section.
../_images/4_permissions_view.PNG
  1. In the Add Data Access Permission dialog select the access type (read or write) and enter the MQTT topic the permission should be valid for. The specified topic can be either a single topic or a wildcard as well. You have to add separate permissions for both read and write access to one topic.
  2. To create permissions for the API access switch to the API Access section in the top bar.
../_images/5_permissions_view_filled.PNG
  1. Press the + button in the bottom right corner to add an API access permission.
  2. By clicking on Permission in the Add Api Permission dialog select an administration task and confirm the dialog by clicking Create. You have to create separate permissions for every administration task the grantee should be authorized to.

Note

Grantee name and password can be used as fully valid username and password in any MQTT client software. Subscriptions are possible on the associated readable topics, whereas the associated data write permissions define the topics available for publishing.