Cumulocity IoT Feedback Portal
Kemin encountered this situation: a Device has a child device assigned. An user has inventory read access on a device group, both devices are assigned to this device group.
For Kemins use case, they need to find the ID of the parent device based on the child device. They do so by getting the managed object of the child device via the API, adding the withParents=true parameter.
The response shows an empty list for deviceParents.references. Only when they give this user full inventory read permissions (roles ROLE_INVENTORY_READ or ROLE_MANAGED_OBJECT_READ), the parent device is listed when performing the same request.
Affected request: url/inventory/managedObjects/{child MO ID}?withParents=true
Kemin has multiple users on their platform, who are only allowed to see their devices. They use device groups and inventory read permissions on those groups for access control. Therefore, they cannot give users ROLE_INVENTORY_READ or ROLE_MANAGED_OBJECT_READ read permissions.
Comment Christian Herzog from ticket https://getsupport.softwareag.com/browse/SI-565300
Our R&D responded, that this functionality does not work for inventory roles. There is an inconsistency there, because C8y can traverse down this hierarchy while for traversing it up the functionality is blocked. This is due to changes introduced in the MTM-26143. Apart from setting the global role, there is no other possibility at the moment.
Therefore I create this feature request to make changes in this area.
Hi Arne,
Thank you for raising this Insight. We have a feature on our backlog that will provide this type of capability, I have added Kemin as one of the interested customers. Unfortunately it is a great deal of work and we have been unable to prioritize it so far this year, it is currently in the Q4 backlog which is when we will start to look at the design. We will be in touch with our ideas when we start this work.
Many thanks, Jane.