Login
    Contents x
    Entitlement Permissions
    • 29 Jan 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Entitlement Permissions

    • Updated on 29 Jan 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Permissions

    An entitlement is something that can be directly attached to a user (or other entitlement) which gives them certain access. But what access does it actually give?

    Starting in Clarity 1.4.7, we now have a mechanism for tracking the permissions that an entitlement actually provides. Depending upon the application in question, Clarity will assign one or more permissions associated with a given entitlement. Permissions have an action, resource, type and optional description field. The action shows what actions are permitted, and the resource shows what objects the user can take those actions on. The type of the permission should be a category describing the type of permission.

    For example, you might have an entitlement called "Article Editors" which is of entitlement type "role" on a content management system. If the application supports permissions, Clarity would read in the privileges that the "Article Editors" role grants: update, delete and would store those as the action. The resource of that permission would be "articles". This indicates that the. "Article Editors" role grants "update, delete" on resources called "articles". The type of the permission would be "modification" or "CRUD" in this example.

    What applications support permissions?

    Currently, permissions are supported for on-prem database driven applications. Reading in permissions is as simple as including these additional parameters in your Entitlements quer(ies): "permission_type", "permission_action", "permission_resource". Optionally, a "permission_description" can also be included. An example query would look something like:

    SELECT service_identifier AS 'entitlement_service_identifier',
name AS 'entitlement_name',
type AS 'entitlement_type',
JSON_OBJECT('definition', definition) AS 'extra',
high_risk,
actions AS 'permission_action',
"grant" AS 'permission_type',
resources AS 'permission_resource'
FROM example_entitlement

    Neat, where can I see this?

    Currently, permissions are displayed during user access reviews when expanding a review item.

    image.png

    If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.

    Was this article helpful?
    What's Next
    Reduce risk while saving time, money, and employee effort with the most intuitive Identity Governance Platform on the market.
    Capabilities
    Use Cases
    About Clarity
    Connect With Us
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout