...
Entities are not intended to be used to represent people.
Description
An entity in Grouper is an object in the Grouper namespace (folder structure), that non-grouper-admins can create, manage, use. It is a Java interface in the API (Entity), which has:
- id - uuid, doesn't change
- extension - system name in the folder, shouldn't change
- display extension - display name in the folder, can change
- description - free form text documentation about the entity
- name - fully qualified (including parent folders) system name
- display name - fully qualified (including parent folders) display name
- subjectIdentifier attribute - if the identifier of the entity is not valid for the extension (e.g. if it could contain a colon, or other invalid character in the grouper extension namespace), then you can put any fully qualified (including folder names) identifier here. Note, no two entities can have the same subjectIdentifier. Also, this attribute is public, meaning anyone can read (if they can VIEW the entity), or update it (if the can ADMIN the entity)
Entity subjects
Grouper entities have a subject source different than the Grouper subject source (though similar). Since there is an optional subjectIdentifier attribute, queries for search or findByIdentifier will consider that value. Also, the following subject attributes exist in addition to the group subject attributes (name, extension, displayName, description, etc) :
Attribute name | Meaning |
|---|---|
entityIdAttribute | if there is an entity id attribute assigned, this is the value |
entityId | if there is an entity id attribute assigned, it is used, if not, then this is the name attribute |
entityExtension | if there is an entity id attribute assigned, this is the suffix after the entity folder name and colon, if not, then this is the extension (not of attribute) |
API
You can create an entity with the EntitySave class:
...
| Code Block |
|---|
Set<Entity> entities = new EntityFinder().addName("test:testEntity").findEntities();
|
dfs
Entity typeOfGroup
The "Group" object in Grouper is close to what we need for entities, they are in the namespace, they have some privileges (only ADMIN and VIEW are needed), and they have UI/WS support. The implementation of this enhancement is to have a typeOfGroup option as entity. Currently for v2.1 the options are "group", "role", and "entity".
...
An entity is modeled as a grouper group object, but you cannot ad members to it, and of course you cannot add role permissions to it. Though of course if it were a member of a role, you could add individual permissions in the context of that role.
Entity privileges
There are only two privileges for entities: VIEW and ADMIN.
...
Note: when you assign privileges in the API you use the AccessPrivilege class, e.g. AccessPrivilege.VIEW
Entity auditing, change log, point in time
Entities are auditing like groups, but the categories are: entity, and the actions are addEntity, updateEntity, and deleteEntity.
...
The point in time information is available, similar to point in time information on groups.
Misc
For hooks, just use group hooks and check that typeOfGroup equals 'entity'
...
Obviously you cannot make an entity into a composite, or add an entity as a part of a composite
Web services
Note: all web service changes are also available in the grouper client.
...
| Code Block |
|---|
<WsRestFindGroupsRequest> <wsQueryFilter> <typeOfGroups>entity</typeOfGroups> <queryFilterType>FIND_BY_GROUP_NAME_APPROXIMATE</queryFilterType> <groupName>aStem:aGroup</groupName> <stemName>aStem</stemName> </wsQueryFilter> </WsRestFindGroupsRequest> |
UI
You can create/edit/delete local entities on the UI in a folder you have CREATE on
...
Other screens are tweaked, e.g. on the permissions screen you can search for entities but not groups/roles for individual permissions:
...
...
Limiting the scope of entities
The documentation of entities has this sentence "Entities are not intended to be used to represent people."
...