We all want to do security right! Apply System user to everything and then Override service invoke on specific services.

But the composer is woeful for setting permissions on lots of services sooooo to make life easier?

A script!

This just does ServiceInvoke based on a Group. You can expand this any which way you want.

 

GroupName, ServiceName and ThingName are all Input Parameters

 

var params = {

  principal: GroupName /* STRING */,

  allow: true /* BOOLEAN */,

  resource: ServiceName /* STRING */,

  type: "ServiceInvoke" /* STRING */,

  principalType: "Group" /* STRING */

};

 

Things[ThingName].AddRunTimePermission(params);