CSPs allow administrators to assign permissions to devices and groups of devices. For example, the Azure IoT service has four defined permissions: RegistryRead, RegistryReadWrite, ServiceConnect, and DeviceConnect. These permissions are managed per IoT Hub in the Azure cloud.
The DeviceConnect permission allows devices to connect to the IoT Hub using the specified authentication technique. A device management service might be provisioned with the RegistryReadWrite policy, whereby the IoT Hub is provisioned with RegistryRead.
AWS IoT offers similar permissions (see the following link: https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html). For example, iot:Connect supports connection to the IoT message broker ...