In any IoT project, IoT Hub is at the center of the action. Whether you are a service that wants to pass a note to a device or a device that wants to send info to a service, you have to go through IoT Hub first.
Essentially, there are 3 capability sets at play here: Services, Devices and the IoT Hub itself. Which permission to select depends on the task that needs to be done. Of course, you could just select Full Rights, skip the lesson and leave to go play with your friends, but where’s the fun in that, right?
Hello? Hello? Bueller?
Shared Access Policies
- iothubowner – All rights, so under the Principle of Least Privilege, proceed with caution
- ServiceConnect – Service Centric – Can send messages Cloud-to-Device and receive Device-to-Cloud among other things
- DeviceConnect – Device Centric – Can send messages Device-to-Cloud and receive Cloud-to-Device among other things
- registryreadwrite – pretty straightforward, read and write to the identity registry
- registryread – read only of the identity registry
I know what you’re thinking: OK, nice chart (thank you), but what might that look like in a picture? I’m glad you asked…
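An added example, not part of the original post and not Azure's own code: a small Python audit that reads the `SharedAccessKeyName` field of an IoT Hub connection string and flags a component holding more rights than its task needs. The right labels, the sample hub name and the key are constructed, and the policy names are taken exactly as written in the list above.

```python
# Added example. Rights per policy are only those named in the list above
# ("among other things" is not modelled); the right labels are made up here.
SERVICE = {"c2d_send", "d2c_receive"}
DEVICE = {"d2c_send", "c2d_receive"}
REGISTRY = {"registry_read", "registry_write"}
POLICY_RIGHTS = {
    "iothubowner": SERVICE | DEVICE | REGISTRY,
    "ServiceConnect": SERVICE,
    "DeviceConnect": DEVICE,
    "registryreadwrite": REGISTRY,
    "registryread": {"registry_read"},
}

# Constructed sample: hypothetical hub name and a placeholder key.
SAMPLE = ("HostName=example-hub.azure-devices.net;"
          "SharedAccessKeyName=iothubowner;SharedAccessKey=Q09OU1RSVUNURUQ=")


def parse_connection_string(conn_str):
    """Split 'Key=Value;...' into a dict; base64 keys may end in '='."""
    fields = {}
    for part in conn_str.strip().strip(";").split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed segment: {part!r}")
        fields[key.strip()] = value.strip()
    return fields


def narrowest_policy(needed):
    """Name of the smallest listed policy covering `needed`, else None."""
    fits = [(len(r), n) for n, r in POLICY_RIGHTS.items() if needed <= r]
    return min(fits)[1] if fits else None


def audit(conn_str, needed):
    """Compare the policy in a connection string with the rights needed."""
    policy = parse_connection_string(conn_str).get("SharedAccessKeyName")
    best = narrowest_policy(needed)
    if policy not in POLICY_RIGHTS:
        status = "unknown-policy"
    elif not needed <= POLICY_RIGHTS[policy]:
        status = "insufficient"
    else:
        status = "ok" if policy == best else "over-privileged"
    return {"policy": policy, "status": status, "suggest": best}
```

Calling `audit(SAMPLE, {"c2d_send"})` reports `over-privileged` and suggests `ServiceConnect`; a task that spans two capability sets falls back to `iothubowner` because only the listed policies are considered.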