We would like to inform you about the continuation of the access controller extension as well as about the preparations for the new Bosch IoT Insights price model. In addition, Bosch IoT Insights now offers a new widget for device details as well as other enhancements and fixed issues.
Continuation of access control extension
For the custom roles concept, we have now introduced the possibility to add “access-only” users, who can have “read-only” access to views, templates, and devices when they are assigned to a custom role (INS-1779).
Example view of an “access-only” user:
Preparation for the new pay-as-you-go plan
The implementation for the new price model has started. Among all the changes, these are the most interesting:
- New pay-as-you-go plan without basic fees
- All paid plans get more attractive storage prices
- All paid plans get access to decoders
- Introduction of data access ticketing: improves resource management and enables customers to increase performance
More information will follow as soon as the implementation is completed.
New device details widget (INS-2190)
We now provide a new widget “Device Details” that can specifically visualize the content of a device in the dashboard in the same way as in the devices section.
For more information on configuring the “Device Details” widget, please see our documentation.
Disk limit configuration for pipeline processors (INS-1541)
In addition to configuring the memory (RAM), it is now also possible to adjust the disk limit for pipeline processors. You can adjust it via Processing → Pipelines → App Settings → Processes and Instances.
Disable placeholder encoding in URLs (INS-2319)
Currently all placeholders in URLs are encoded, e.g. in the table widget. This sometimes leads to unwanted modifications in complex URLs. To prevent this, placeholders in URL fields, such as those used in table widget links and tooltip links, can now have a noencode modifier that disables encoding.
Example:
https://example.com?test={[0].text | noencode}
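The following added example is not Bosch IoT Insights code. It sketches how a default-encoded placeholder and a noencode placeholder differ, and how a raw value can change the structure of the resulting link. The functions `resolvePath`, `renderUrl` and `checkRendered` are hypothetical, and the row data is constructed.

```javascript
// Added illustration, not Bosch IoT Insights code. resolvePath, renderUrl and
// checkRendered are hypothetical names; the row data below is constructed.

// Resolve a placeholder path such as "[0].text" against the query result.
function resolvePath(data, path) {
  const keys = path.match(/[^.\[\]]+/g) || [];
  return keys.reduce((v, k) => (v == null ? undefined : v[k]), data);
}

// {path} inserts the percent-encoded value, {path | noencode} the raw value.
function renderUrl(template, data) {
  const re = /\{([^{}|]+?)\s*(?:\|\s*(noencode)\s*)?\}/g;
  return template.replace(re, (_, path, mod) => {
    const value = String(resolvePath(data, path.trim()) ?? "");
    return mod === "noencode" ? value : encodeURIComponent(value);
  });
}

// Defensive check on a rendered link: the origin must be the expected one and
// only the expected query parameter names may appear.
function checkRendered(url, expectedOrigin, allowedParams) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (parsed.origin !== expectedOrigin) return { ok: false, reason: "origin changed" };
  const extra = [...parsed.searchParams.keys()].filter((k) => !allowedParams.includes(k));
  if (extra.length) return { ok: false, reason: "unexpected parameters: " + extra.join(",") };
  return { ok: true, reason: "" };
}

// Constructed sample rows: one value with URL-significant characters, one full link.
const rows = [{ text: "a=1&b=2", link: "https://other.example/x" }];

const encoded = renderUrl("https://example.com?test={[0].text}", rows);
const raw = renderUrl("https://example.com?test={[0].text | noencode}", rows);
const wholeLink = renderUrl("{[0].link | noencode}", rows);

for (const url of [encoded, raw, wholeLink]) {
  console.log(url, checkRendered(url, "https://example.com", ["test"]));
}
```

With noencode, characters such as `&`, `=` and `#` in the value become part of the URL structure, so the modifier fits fields whose content the dashboard owner controls.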
Action button secures credentials – REST requests API (INS-1431)
To bring the “Action Button” from beta into general availability, one step was still missing: hardening the security concept. We achieved this by relocating the execution of the underlying REST request from the frontend to our backend, as well as moving the storage and replacement of the “Secret Header” to the backend. This brings some changes for those who manage such a button:
- The secret header was introduced
- Each time a change is made, such a secret header must be re-entered to prevent disclosure of credentials
- The “Authorization” tab has been removed
- Similar behavior can be achieved by entering a secret header with the key “Authorization” and the value “Basic user:password”, but the user:password part has to be Base64 encoded
- Parameters in placeholders no longer need the unnecessary “_value”. Example: instead of filterParams._value.paramName now only filterParams.paramName has to be entered
Insights REST API supports OAuth2 Clients
In addition to access via technical users, Bosch IoT Insights’ API can now also be used with OAuth2 access tokens.
This allows Bosch IoT Insights projects to increase security: OAuth2 access tokens are digitally signed and time-limited.
To use OAuth2 in Bosch IoT Insights, customers can create OAuth2 clients as they would in any other Bosch IoT Suite service:
- Open https://accounts.bosch-iot-suite.com/oauth2-clients/
- Use button
- Scroll to the last section “
- Choose a subscription and enter the role name you want the new client to have
- The client can have multiple roles, so add more until you’re done
- Finish with the “Create” button
⚠ Security Advice
Review who has access to your subscription management. These accounts are listed on https://accounts.bosch-iot-suite.com/team/.
All listed accounts with the role Owner, Manager, or Developer can create OAuth2 clients and can assign Insights’ project admin role.
Further Improvements
INS-2299 Grant CORS access for Service Dashboard for project filtering
INS-1434 Migrate IoT Things booking to Suite Account Management API
INS-1261 Provide most recent data to the customers
INS-2094 Bosch Web Security Finding: Inclusion of Functionality from Untrusted Control Sphere
Bugfixes
In addition, the following fixes were applied to the service:
INS-2368 Conditional Actions: SMS should contain the message
INS-2294 Conditional Actions: Not user friendly JSON Error when trying to store without selection of a condition type
INS-2371 Thing API security problem: wrongfully created thing objects can be requested by all logged in users
INS-2441 Download ALL in Input History should be possible for all filtered documents
INS-2320 Device type labels and images should not disappear in sorting mode
INS-2357 Remove event button in bookings information block should delete the booking and not open the bookings dialog
INS-2378 Access Denied, even though I am logged in and have access
INS-2406 Several Bugs in the Views and Dashboard Config
INS-2508 power_user should be able to create new query templates
INS-2523 Query History – Depending on the order of clicking expanding / collapse is not working
INS-2525 QueryTemplates should be listed in DataSources again
INS-2526 IoT Things policy creation fails due to invalid token
INS-2530 Table Widget: Custom Column URL should work on RightMouseButton on “Open in new window”
INS-2533 Action Button should show the original http failure code instead of 500
INS-2562 Link in Table Widget should use Query Parameters
INS-2579 Location Map: Also zero values should be shown in tooltips
INS-2596 Colored tour map should correctly interpolate color when setting a max-value
INS-2609 Booking a service plan fails