Users of Grouper sometimes need to create and manage entities in Grouper which are not part of a central subject source. An example is an application might manage access to a database where schemas are connecting which are application schemas. The access management application will need to represent these schemas in Grouper so they can be assigned to Groups/Roles/Permissions. Before 2.1 this could be solved by creating a Group to represent the entity, and not assign members to the group. In 2.1 an "entity" can be created in the folder structure.
Description
An entity in Grouper is an object in the Grouper namespace (folder structure), that non-grouper-admins can create, manage, use. It is a Java interface in the API (Entity), which has:
- id - uuid, doesnt change
- extension - system name in the folder, shouldnt change
- display extension - display name in the folder, can change
- description - free form text documentation about the entity
- name - fully qualified (including parent folders) system name
- display name - fully qualified (including parent folders) display name
Entity typeOfGroup
The "Group" object in Grouper is close to what we need for entities, they are in the namespace, they have some privileges (only ADMIN and VIEW are needed), and they have UI/WS support. The implementation of this enhancement is to have a typeOfGroup option as entity. Currently for v2.1 the options are "group", "role", and "entity".
...
If you try to assign READ, UPDATE, OPTIN, OPTOUT to an entity, you will get an error
Note: when you assign privileges in the API you use the AccessPrivilege class, e.g. AccessPrivilege.VIEW
sdf