Scopes: A scope is the smallest entity that describes a single permission.
Scopes describe permissions and are listed in the access token as named parameters. When a user accesses an endpoint or application within Insights Hub, Identity and Access Management automatically adds the required scopes to the access token if that user has the corresponding access permission.
Scopes must adhere to the following naming convention: {application_name}.{scope}.
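One way an application could check the scopes of an access token against the naming convention above. This is an added example, not Insights Hub code: it assumes the token signature has already been verified, that the scopes sit in a claim named `scope`, and that names use only letters, digits, `_` and `-`; `myapp` and `otherapp` are made-up application names.

```python
import re

# Assumption: the page fixes only the {application_name}.{scope} shape,
# not the allowed characters; this character set is illustrative.
SCOPE_RE = re.compile(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)")

def token_scopes(claims):
    """Return granted scopes as a set. `claims` must come from a token whose
    signature was already verified; the claim name "scope" is assumed."""
    raw = claims.get("scope", [])
    if isinstance(raw, str):              # space-delimited form
        raw = raw.split()
    if not isinstance(raw, list) or not all(isinstance(s, str) for s in raw):
        raise ValueError("malformed scope claim")
    return set(raw)

def app_scopes(claims, app_name):
    """Scopes that belong to app_name; entries that do not follow the
    convention or that name another application are ignored."""
    out = set()
    for name in token_scopes(claims):
        m = SCOPE_RE.fullmatch(name)
        if m and m.group(1) == app_name:
            out.add(m.group(2))
    return out

def missing_scopes(claims, app_name, required):
    """Required scopes the token lacks; an empty list means access is allowed.
    Matching is exact, so 'read' never satisfies 'readall'."""
    try:
        granted = app_scopes(claims, app_name)
    except ValueError:
        return sorted(required)           # fail closed on a malformed claim
    return sorted(set(required) - granted)

# Constructed sample claims, not taken from a real token.
SAMPLE = {
    "user_name": "alice@example.com",
    "scope": ["myapp.admin", "myapp.read", "otherapp.write", "bogus"],
}

if __name__ == "__main__":
    print(missing_scopes(SAMPLE, "myapp", ["read", "write"]))
```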
Roles: A role is a collection of multiple scopes (permissions). These roles can be assigned to a user.
A role can either be assigned to a user via the Settings application or added to an application role to grant access to APIs. For example, the Core role mdsp:core:iot.timUser can be added to the application role so that this application can read time series data. This assignment makes all the scopes of the Core role available in your application role.
The scopes can be assigned to one or more default application roles. For more information on API-specific roles and the available scopes, see the Developer Documentation.
Note
- By default, the application scope with the "Admin" role is automatically assigned to a newly created application.
- Once you create another role and scope, you can delete the default role and scope.
- At least one role and one scope are required to access the application.