Gateway Access Control
I’m pleased to announce that the Gateway Access Control API is now GA. We have previously announced the beta and would like to thank you all for your input and feedback.
This feature builds on our existing Gateway support which allows you to register and connect gateway devices to the Watson IoT Platform and allows the Gateways to act on behalf of their attached devices. You can use Gateways to send events on behalf of attached devices, listen for commands and actions intended for attached devices and even allow new devices to automatically get registered with the platform. Find out more in our official documentation.
Privileged Gateway Role
This blog post is also providing notification to Watson IoT Platform customers about enhancements to the Privilege Gateway Role which will now include a resource group by default.
The Watson IoT Platform contains two predefined roles to make the security administration of IoT solutions easier. The two roles defined for Gateways are Standard and Privileged. The changes are for the Privileged gateway role. Look in our official documentation to learn more details about gateway roles.
The Privileged gateway role is assigned to new gateways by default. The Privileged gateway role will still continue to be able to add devices to the Watson IoT Platform.
Newly created gateways using the Privilege role will only be able to administer those devices that are in device groups associated to that gateway. More details below are below.
Enhancement to Privileged Gateways
Privileged gateways are now required to have a device resource group. This will mean that those gateways with a Privileged role will be constrained to managing (publish, subscribe, delete) only those devices that are in the resource group associated to the gateway.
Rationale for changes to Privileged Gateways
We are constantly working with our customers and key stakeholders to take on feedback and make incremental improvements to the Watson IoT Platform. We have consulted with a number of customers and other stakeholders and believe these changes provide the enhancements customers are asking for in order to build secure IoT solutions for the enterprise.
Considerations for new Gateways
The changes mean that new gateways, which are automatically assigned the Privileged role, will exhibit the proposed characteristics. That is, new gateways will be restricted to those devices associated to them through their device groups.
Considerations for Pre-Existing Privileged Gateways
Some existing Watson IoT Platform customers may already have Privileged gateways in their IoT solutions. Those gateways will continue to operate as they are currently defined. That is, pre-existing Privileged gateways will not have resource groups enforced upon them. However, if a pre-existing Privileged gateway is moved to a standard role (which does enforce device groups) and then moved back to a privileged role, then that Privileged gateway will be restricted to the device group, even though it previously was not.
We welcome feedback on the features and usability.