...
An entity is modeled as a Grouper group object, but you cannot add members to it, and you cannot add role permissions to it. However, if it were a member of a role, you could add individual permissions in the context of that role.
Entity privileges
There are only two privileges for entities: VIEW and ADMIN.
- VIEW means you can see it, its name, description, etc. With VIEW you could add it to a group or assign permissions to it in a role.
- ADMIN means you can edit it, delete it, assign attributes to it, etc.
In grouper.properties you can designate whether entities are viewable by all by default. The grant occurs on entity create, and can be unassigned. This defaults to false for security reasons.
```
# if set to true, then the ALL subject will be granted view on new entities
entities.create.grant.all.view = false
```
If you try to assign READ, UPDATE, OPTIN, or OPTOUT to an entity, you will get an error.