Hi @siddharth bansal Greetings! Thank you for posting the question on this forum.
Why does the shared access policy given as registryRead not bring any events?
The RegistryRead and RegistryReadWrite permissions on IoT Hub only provide access to the identity registry. The identity registry only stores information about the devices and modules permitted to connect to the IoT Hub. The identity registry does not hold any information on the events generated or on application metadata.
The IoT Hub identity registry exposes the following operations:
- Create device or module identity
- Update device or module identity
- Retrieve device or module identity by ID
- Delete device or module identity
- List up to 1000 identities
- Export device identities to Azure blob storage
- Import device identities from Azure blob storage
Please refer to the article "Understand the identity registry in your IoT hub" for more details on the identity registry.
Here is a list of the default shared access policies applicable to Azure IoT Hub and the permissions they grant.
Refer to the picture below for more details on the permissions that each shared access policy grants.
What are the drawbacks/limitations and security concerns if I select the shared policy as iothubowner?
The ADX here does not modify/access any twins explicitly other than consuming the events. It is safe to use the IoTHubOwner policy here. However, we should be cautious using the IoTHubOwner access policy in the SDKs, as it provides access to all the events generated and can even update twin tags and properties. Use the DeviceConnect service policy if you are only interested in sending telemetry data from a device.
Hope this clarifies. Please let me know if you have any additional questions in the comments below.
If the response helped, please do click Accept Answer and Yes. Doing so would help other community members with a similar issue identify the solution. I highly appreciate your contribution to the community.
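Added worked example (this is not part of the answer above, nor code from the Azure SDKs): the script below encodes the default hub-level policy/permission table from the answer, picks the least-privileged default policy for a given set of required permissions (so a consumer that only reads events needs ServiceConnect, which registryRead does not grant), and builds and verifies an IoT Hub SAS token using the documented signing scheme (HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", with the policy name carried in the skn field). The hub name, the keys and the expiry time are constructed test values; the verify function is a stand-in for the server-side check, written here only to show what the token actually binds.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Permissions granted by the default hub-level shared access policies
# (the same five policies and permissions listed in the answer above).
DEFAULT_POLICIES = {
    "iothubowner": {"RegistryRead", "RegistryWrite", "ServiceConnect", "DeviceConnect"},
    "service": {"ServiceConnect"},
    "device": {"DeviceConnect"},
    "registryRead": {"RegistryRead"},
    "registryReadWrite": {"RegistryRead", "RegistryWrite"},
}

# Constructed test values (hypothetical hub name and keys, not real secrets).
HUB = "myhub.azure-devices.net"
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-test-key-32-bytes!!!").decode("ascii")
WRONG_KEY_B64 = base64.b64encode(b"a-different-constructed-key-----").decode("ascii")


def least_privilege_policy(required, policies=DEFAULT_POLICIES):
    """Return the default policy with the fewest permissions that still covers
    every permission in `required`, or None if no default policy does."""
    candidates = [(len(perms), name) for name, perms in policies.items()
                  if set(required) <= perms]
    return min(candidates)[1] if candidates else None


def generate_sas_token(resource_uri, key_b64, policy_name, expiry_epoch):
    """Build a hub-level IoT Hub SAS token.
    sig = base64(HMAC-SHA256(base64decode(key), "<url-encoded uri>\\n<expiry>"))."""
    encoded_uri = urllib.parse.quote(resource_uri, safe="")
    string_to_sign = f"{encoded_uri}\n{expiry_epoch}".encode("utf-8")
    digest = hmac.new(base64.b64decode(key_b64), string_to_sign, hashlib.sha256).digest()
    signature = urllib.parse.quote(base64.b64encode(digest).decode("ascii"), safe="")
    return (f"SharedAccessSignature sr={encoded_uri}&sig={signature}"
            f"&se={expiry_epoch}&skn={policy_name}")


def parse_sas_token(token):
    """Split a SAS token into its fields (sr, sig, se, skn), percent-decoded."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        raise ValueError("not a SharedAccessSignature token")
    fields = {}
    for part in token[len(prefix):].split("&"):
        name, _, value = part.partition("=")
        fields[name] = urllib.parse.unquote(value)
    return fields


def verify_sas_token(token, policy_keys, now_epoch):
    """Stand-in for the hub's check: look up the key of the policy named in
    skn, recompute the signature and reject expired tokens. Returns (ok, reason).
    The permissions a caller then gets are those of the skn policy, which is why
    a token minted from registryRead cannot read events no matter how it is used."""
    fields = parse_sas_token(token)
    key_b64 = policy_keys.get(fields.get("skn", ""))
    if key_b64 is None:
        return False, "unknown policy"
    try:
        expiry = int(fields["se"])
    except (KeyError, ValueError):
        return False, "bad expiry"
    if expiry <= now_epoch:
        return False, "expired"
    expected = generate_sas_token(fields["sr"], key_b64, fields["skn"], expiry)
    expected_sig = parse_sas_token(expected)["sig"]
    if not hmac.compare_digest(expected_sig, fields.get("sig", "")):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    # An event consumer (like the ADX connection in the question) needs ServiceConnect.
    print("least-privilege policy for event consumption:",
          least_privilege_policy({"ServiceConnect"}))
    token = generate_sas_token(HUB, SAMPLE_KEY_B64, "service", 1_700_000_000)
    print(token)
    print(verify_sas_token(token, {"service": SAMPLE_KEY_B64}, 1_699_999_000))
```

Note that the skn field is sent in the clear, so a connection string or token seen in logs tells you immediately which policy (and therefore which permission set) a client is running with; that is a quick way to audit whether something is still using iothubowner when the service or device policy would do.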