add access control while developing on the device

Question

still trying to access the local shadow  
  
i've moved away from the lambda and am now just running a python component.  
  
still doing some local development of the component until it works.  
deploying it using  
**sudo /greengrass/v2/bin/greengrass-cli deployment create --recipeDir /data/prov/GreengrassCore/recipes   --artifactDir /data/prov/GreengrassCore/artifacts   --merge "au.com.mycompany.smartdvr.shadowconfig=1.0.0"**   
  
when trying to access the local shadow (using ipc_client = awsiot.greengrasscoreipc )  i'm getting a   
**GetThingShadowRequestHandler: handle-get-thing-shadow. Not authorized to get shadow**  
error.  
if i do this via the remote greengrass console i have the option to add an access control to the deployment.    
  
_"accessControl": {_  
  _"aws.greengrass.ShadowManager": {_  
    _"mtdshadowconfig-dev-shadowconfigpython::1": {_  
      _"policyDescription": "allow access to config# shadow",_  
      _"operations": \[_  
        _"aws.greengrass#GetThingShadow",_  
        _"aws.greengrass#UpdateThingShadow",_  
        _"aws.greengrass#ListNamedShadowsForThing"_  
      _],_  
      _"resources": \[_  
        _"$aws/things/thingName/shadow/name/config1"_  
      _]_  
    _}_  
  _}_  
_}_  
  
how do i add the AccessControl when i'm developing and deploying on the device itself ?  
  
clarification Edited by: clogwog on Oct 8, 2021 6:19 PM

Accepted Answer

Configuration merge (not --merge) accepts a proper JSON document, so simply write out the JSON which you want to be merged such as:

```
{
   "":{
      "MERGE":{
         "accessControl":{
            "aws.greengrass.ShadowManager":{
               "mtdshadowconfig-dev-shadowconfigpython::1":{
                  "policyDescription":"allow access to config# shadow",
                  "operations":[
                     "aws.greengrass#GetThingShadow",
                     "aws.greengrass#UpdateThingShadow",
                     "aws.greengrass#ListNamedShadowsForThing"
                  ],
                  "resources":[
                     "$aws/things/thingName/shadow/name/config1"
                  ]
               }
            }
         }
      },
      "RESET":[
      ]
   }
}
```

Save as "config.json"  
  
then use the deployment create command with --update-config config.json --merge componentName=1.0.0  
  
The option --merge is used to tell Greengrass to add the following component and version onto the device. To set the configuration you use the --update-config option, not --merge.

Answer

Hello,  
Try greengrass-cli deployment create --help. Our local CLI has builtin help for you.  
  
To answer the question you would use the --update-config option and provide a path to a JSON file which contains new configuration to apply. Use the format: {"componentName": {"MERGE": {"": ""}, "RESET": \[""]}}  
In your case, you can merge the accessControl values which you need.  
  
Cheers,  
Michael

Answer

would I need to use a   
  
AccessControl="{ =. Example: HelloWorld=1.*
                    *0.0. Use a separate argument for each additional component*
                    *to specify.*
```

is not very specific about how to merge json document like this

add access control while developing on the device

Relevant content