...
Users of Grouper sometimes need to create and manage entities in Grouper which are not part of a central subject source. An example is an application might manage access to a database where schemas are connecting which are application schemas. The access management application will need to represent these schemas in Grouper so they can be assigned to Groups/Roles/Permissions. Before Grouper 2.1 this could be solved by creating a Group to represent the entity, and not assign members to the group. In Grouper 2.1 an "entity" can be created in the folder structure. Entities are not intended to be used to represent people that are already represented or could easily be represented in another source.
Description
An entity in Grouper is an object in the Grouper namespace (folder structure), that non-grouper-admins can create, manage, use. It is a Java interface in the API (Entity), which has:
...
Other screens are tweaked, e.g. on the permissions screen you can search for entities but not groups/roles for individual permissions:
...
sdf
...
Limiting the scope of entities
The documentation of entities has this sentence "Entities are not intended to be used to represent people."
On the UI they should have a technical name, like "Service entity"
LDAPPC should have a switch which defaults to off to provision these things as groups...