What are some examples of SAM permissions?

The following are some example SAM (SORACOM Access Management) permissions for common levels of access. For additional information about SAM and how to set it up, please refer to the SORACOM Access Management guide.

Please note: The following examples are provided only for reference. Please carefully review each parameter before you use these examples in your account to ensure you have set the correct permissions.

 


Example 1: Allow read access to the list of SIMs and billing information

{
  "statements": [
    {
      "api": [
        "Subscriber:list*",
        "Billing:*",
        "Payment:get*",
        "Payment:list*",
        "Stats:*",
        "Files:*",
        "Query:searchSubscribers"
      ],
      "effect": "allow"
    }
  ]
}

 

Example 2: Allow read access to the list of SIMs, and full access to monitoring settings

{
  "statements": [
    {
      "api": [
        "EventHandler:*",
        "Subscriber:listSubscribers",
        "Query:searchSubscribers"
      ],
      "effect": "allow"
    }
  ]
}

 

Example 3: Allow read access to data stored in Harvest

{
  "statements": [
    {
      "api": [
        "Subscriber:getDataFromSubscriber",
        "LoraDevice:getDataFromLoraDevice",
        "SigfoxDevice:getDataFromSigfoxDevice",
        "DataEntry:getDataEntries",
        "DataEntry:getDataEntry"
      ],
      "effect": "allow"
    }
  ]
}

 

Example 4: Deny access to support tickets, and allow full access to all other APIs 

{
  "statements": [
    {
      "api": "*",
      "effect": "allow"
    },
    {
      "api": [
        "Operator:generateSupportToken"
      ],
      "effect": "deny"
    }
  ]
}

 

Example 5: Allow full access to all APIs 

{
  "statements": [
    {
      "api": "*",
      "effect": "allow"
    }
  ]
}

 

Example 6: Allow a SAM user to change their own password

{
  "statements": [
    {
      "effect": "allow",
      "api": "User:updateUserPassword",
      "condition": "pathVariable('user_name') == samUserName"
    }
  ]
}

 

Example 7: Allow full access to a specific SIM

{
  "statements": [
    {
      "api": [
        "Subscriber:activateSubscriber",
        "Subscriber:deactivateSubscriber",
        "Subscriber:deleteSubscriberSession",
        "Subscriber:getSubscriber"
      ],
      "effect": "allow",
      "condition": "pathVariable('imsi') == 'Input your IMSI'"
    },
    {
      "api": [
        "Subscriber:listSubscribers",
        "Query:searchSubscribers"
      ],
      "effect": "allow"
    }
  ]
}
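
To review a permission document like the ones above before attaching it to a SAM user, the following added example (not SORACOM's code) reports how a policy treats a given API and lists wildcard grants that carry no condition. It assumes glob-style `*` matching and that a deny overrides an allow, as Example 4 implies; `decide` and `broad_grants` are hypothetical helper names.

```python
import json
from fnmatch import fnmatchcase

# Policies copied from Example 4 and Example 7 on this page.
EXAMPLE_4 = json.loads("""{"statements": [
  {"api": "*", "effect": "allow"},
  {"api": ["Operator:generateSupportToken"], "effect": "deny"}]}""")
EXAMPLE_7 = json.loads("""{"statements": [
  {"api": ["Subscriber:activateSubscriber", "Subscriber:deactivateSubscriber",
           "Subscriber:deleteSubscriberSession", "Subscriber:getSubscriber"],
   "effect": "allow", "condition": "pathVariable('imsi') == 'Input your IMSI'"},
  {"api": ["Subscriber:listSubscribers", "Query:searchSubscribers"],
   "effect": "allow"}]}""")

def _apis(stmt):
    """The "api" field is either a single string or a list of strings."""
    api = stmt.get("api", [])
    return [api] if isinstance(api, str) else list(api)

def decide(policy, api_name):
    """Return 'deny', 'allow', 'conditional' or 'no-match' for one API name.
    Assumptions: '*' is a glob wildcard, a deny wins over any allow (how
    Example 4 reads), and an API with no matching allow is not granted.
    Condition expressions are not evaluated, only reported as 'conditional'.
    """
    allow = cond_allow = cond_deny = False
    for stmt in policy.get("statements", []):
        if not any(fnmatchcase(api_name, p) for p in _apis(stmt)):
            continue
        effect, has_cond = stmt.get("effect"), "condition" in stmt
        if effect == "deny" and not has_cond:
            return "deny"
        if effect == "deny":
            cond_deny = True
        elif effect == "allow" and has_cond:
            cond_allow = True
        elif effect == "allow":
            allow = True
    if not (allow or cond_allow):
        return "no-match"
    return "conditional" if cond_deny or not allow else "allow"

def broad_grants(policy):
    """Wildcard patterns granted by allow statements that carry no condition."""
    return [p for s in policy.get("statements", [])
            if s.get("effect") == "allow" and "condition" not in s
            for p in _apis(s) if "*" in p]

if __name__ == "__main__":
    print(decide(EXAMPLE_4, "Operator:generateSupportToken"), broad_grants(EXAMPLE_4))
```

A `conditional` result means the outcome depends on the request, so the condition string itself still needs a manual review.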