There are many use cases where we need to model entities in addition to users. Examples might include devices, cars, computers, customers, companies, etc.
Currently, these often must be modeled outside of FusionAuth and then if Users are granted permissions to these entities, that information is stored in other databases. This external storage makes it easier for the link with the User in FusionAuth to be broken.
In some cases, Groups work as a model for things like customers. However, Groups might need to be used for other purposes and cannot be easily typed. Groups also don't form a hierarchy and don't have a permission model.
Solution
We will add a complete entity model to FusionAuth that includes the following features:
Support large volumes of entities (so that IoT domains can be easily handled without specialized hardware)
Allow entities to have types (locks, cars, companies, computers, APIs, etc)
Allow entities to define available permissions (by entity type likely)
Allow entities to have permissions to other entities (client credentials grant)
Allow users to have permissions to entities
Use Cases
IoT
Corporate relationship modeling
Per use device permissions
Delivered in 1.26.0
Entity Types
Entities
APIs
UI for management of entities, types, entity grants, user grants to entities
Outstanding
Provide APIs for hierarchy based permission
?
Alternatives/workarounds
Groups sometimes work for this but require custom data to model permissions and aren't always a good fit.
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Entity Management
Additional context
Initial design diagrams:
Related
OAuth Client Credentials Flow