Authorities or Scopes Required for Platform Services

When you create a new OAuth2 client, the client is assigned default scopes and authorities. You must add additional authorities or scopes that are specific to each service.

The following table lists the scopes and authorities specific to each platform service that you must add to your OAuth2 client.

Service Name: Authorities/Scopes
Access Control
  • acs.policies.read
  • acs.policies.write
  • acs.attributes.read
  • acs.attributes.write
  • predix-acs.zones.<acs_instance_guid>.user

    This value is added by default if you use the UAA Dashboard. It is also generated in the VCAP_SERVICES environment variable as oauth-scope when you bind your application to your ACS service instance.

Analytics Catalog
  • analytics.zones.<service_instance_guid>.user (added by default)
Analytics Runtime
  • analytics.zones.<service_instance_guid>.user (added by default)
Asset
  • predix-asset.zones.<service_instance_guid>.user (added by default)
Blockchain as a Service
  • predix-blockchainapi.zones.<service_instance_guid>.user (added by default)
Event Hub
  • Publish
    • predix-event-hub.zones.<Predix-Zone-Id>.user
    • predix-event-hub.zones.<Predix-Zone-Id>.wss.publish
    • predix-event-hub.zones.<Predix-Zone-Id>.grpc.publish
  • Subscribe
    • predix-event-hub.zones.<Predix-Zone-Id>.user
    • predix-event-hub.zones.<Predix-Zone-Id>.grpc.subscribe
Tenant Management
  • tms.tenant.read
  • tms.tenant.write
  • predix-tms.zones.<tms_instance_guid>.user (added by default)
Time Series
  • Data ingestion
    • timeseries.zones.<Predix-Zone-Id>.user (added by default)
    • timeseries.zones.<Predix-Zone-Id>.ingest
  • Data queries
    • timeseries.zones.<Predix-Zone-Id>.user (added by default)
    • timeseries.zones.<Predix-Zone-Id>.query
View
  • views.zones.<view_instanceId>.user (added by default)
  • views.admin.user
  • views.power.user
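
The following added example (not part of the original documentation or of any platform SDK) audits an access token against the Time Series rows of the table: it reports required scopes that are missing and Time Series scopes granted for a different zone. The function names, the sample token and the zone id are constructed for illustration, and the code assumes the token payload carries a `scope` claim as a JSON array or space-separated string.

```python
import base64
import json

# Scope templates copied from the Time Series rows of the table;
# "{zone}" stands for <Predix-Zone-Id>.
REQUIRED = {
    "ingest": ["timeseries.zones.{zone}.user", "timeseries.zones.{zone}.ingest"],
    "query": ["timeseries.zones.{zone}.user", "timeseries.zones.{zone}.query"],
}
PREFIX = "timeseries.zones."


def token_scopes(jwt):
    """Read the scope claim from a JWT payload. Inspection only: no signature check."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    scope = claims.get("scope", [])  # assumption: JSON array, or space-separated string
    return scope.split() if isinstance(scope, str) else list(scope)


def audit(jwt, operation, zone):
    """Report required scopes that are missing and Time Series scopes for other zones."""
    granted = set(token_scopes(jwt))
    required = [s.format(zone=zone) for s in REQUIRED[operation]]
    missing = [s for s in required if s not in granted]
    other_zone = sorted(s for s in granted
                        if s.startswith(PREFIX) and not s.startswith(PREFIX + zone + "."))
    return {"missing": missing, "other_zone": other_zone}


def make_sample_token(scopes):
    """Build an unsigned, constructed token for the demo (not a real UAA token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scope": scopes}), ""])


ZONE = "11111111-2222-3333-4444-555555555555"  # constructed zone id
SAMPLE = make_sample_token([
    "uaa.resource",
    f"timeseries.zones.{ZONE}.user",
    "timeseries.zones.00000000-other-zone.query",
])

if __name__ == "__main__":
    print(audit(SAMPLE, "query", ZONE))
    print(audit(SAMPLE, "ingest", ZONE))
```

The decoder only inspects the payload; a token used for an authorization decision must have its signature validated first.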