Users, roles and policies allow fine-grained authorization to the Hobson REST API.


A user is an entity that can authenticate with Hobson and invoke REST API functions. A user can be assigned a role.


A role is a named entity that can be assigned to one or more users. A role will have an associated policy.


A policy is a set of criteria that determine what a role is allowed to do via a set of declarative statements.


A statement declares authorization to use a facet of the REST API. It is comprised of an action and one or more resources.

Statement actions

Statement actions indicate an allowable function and are detailed in the table below. Note that actions have two components - a category and a function separated by a : character. Note that the function can be a * character indicating any function in that category. For example:

*             (any action)
device:*      (any device action)

device:create (device creation action)

ActionDescriptionResource Format
dataStream:createCreates new data streams{hubId}
dataStream:deleteDelete data streams{hubId}:{dataStreamId}
dataStream:readGet details about data streams{hubId}:{dataStreamId}
dataStream:updateUpdate details of data streams{hubId}:{dataStreamId}
device:configureUpdate device configurations{hubId}:{pluginId}:{deviceId} 
device:createCreate new devices{hubId}
device:deleteDelete devices{hubId}:{pluginId}:{deviceId} 
device:executeExecute device actions{hubId}:{pluginId}:{deviceId}:{actionClassId}
device:readGet details about devices{hubId}:{pluginId}:{deviceId} 
device:updateChange device variables{hubId}:{pluginId}:{deviceId}:{variableName}
hub:configureUpdate hub configurations{hubId}
hub:executeExecute hub actions (e.g. shutdown){hubId}
hub:readGet details about hubs{hubId}
plugin:configureUpdate plugin configurations{hubId}:{pluginId}
plugin:deleteDelete hub plugins{hubId}:{pluginId}
plugin:executeExecute plugin actions{hubId}:{pluginId}:{actionClassId}
plugin:installInstall new hub plugins{hubId}
plugin:readGet details about plugins{hubId}:{pluginId}
task:createCreate new tasks{hubId}
task:deleteDelete tasks{hubId}:{taskId}
task:readGet details about tasks


task:updateUpdate the details of tasks{hubId}:{taskId}

Statement resources

Each statement action will have one or more resources associated with it. The format of the resource is action specific and shown in the table above. Each segment of a resource is separated by a : character and can have a value of * to indicate all resources at that level. For example, the plugin:read action could specify one of the following resources:

*                                          (all plugins for all hubs)
local:*                                    (all plugins for the local hub)
local:com.whizzosoftware.hobson.hub.sample (only the sample plugin for the local hub) 


The following is an example of two roles: an admin that can perform any action on the local hub and an operator that is only allowed to read and update any local device.

    "role": "admin",
    "statements": [
        "actions": [

        "resources": [
    "role": "operator",
    "statements": [
        "actions": [
        "resources": [