[Project] Entity Management

Entity Management

Problem

There are many use cases where we need to model entities in addition to users. Examples might include devices, cars, computers, customers, companies, etc.

Currently, these often must be modeled outside of FusionAuth and then if Users are granted permissions to these entities, that information is stored in other databases. This external storage makes it easier for the link with the User in FusionAuth to be broken.

In some cases, Groups work as a model for things like customers. However, Groups might need to be used for other purposes and cannot be easily typed. Groups also don't form a hierarchy and don't have a permission model.

Solution

We will add a complete entity model to FusionAuth that includes the following features:

Support large volumes of entities (so that IoT domains can be easily handled without specialize hardware)
Allow entities to have types (locks, cars, companies, computers, APIs, etc)
Allow entities to define available permissions (by entity type likely)
Allow entities to have permissions to other entities (client credentials grant)
Allow users to have permissions to entities

Use Cases

IoT
Corporate relationship modeling
Per use device permissions

Delivered in 1.26.0

Entity Typers
Entities
APIs
UI for management of entities, types, entity grants, user grants to entities

Outstanding

Provide APIs for hierarchy based permission
?

Alternatives/workarounds

Groups sometimes work for this but require custom data to model permissions and aren't always a good fit.

Additional context

Initial design diagrams:

Domain model: https://docs.google.com/drawings/d/1si4nidqeBfPhk6XRp9vuQZq5rvtj6FMc00crldrpY8k/edit?usp=sharing

OAuth Client Credentials Flow

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

FusionAuth / fusionauth-issues