Entitlement Permissions
  • 29 Jan 2024
  • 1 Minute to read
  • Dark
  • PDF

Entitlement Permissions

  • Dark
  • PDF

Article summary


An entitlement is something that can be directly attached to a user (or other entitlement) which gives them certain access. But what access does it actually give?

Starting in Clarity 1.4.7, we now have a mechanism for tracking the permissions that an entitlement actually provides. Depending upon the application in question, Clarity will assign one or more permissions associated with a given entitlement. Permissions have an action, resource, type and optional description field. The action shows what actions are permitted, and the resource shows what objects the user can take those actions on. The type of the permission should be a category describing the type of permission.

For example, you might have an entitlement called "Article Editors" which is of entitlement type "role" on a content management system. If the application supports permissions, Clarity would read in the privileges that the "Article Editors" role grants: update, delete and would store those as the action. The resource of that permission would be "articles". This indicates that the. "Article Editors" role grants "update, delete" on resources called "articles". The type of the permission would be "modification" or "CRUD" in this example.

What applications support permissions?

Currently, permissions are supported for on-prem database driven applications. Reading in permissions is as simple as including these additional parameters in your Entitlements quer(ies): "permission_type", "permission_action", "permission_resource". Optionally, a "permission_description" can also be included. An example query would look something like:

SELECT service_identifier AS 'entitlement_service_identifier',
name AS 'entitlement_name',
type AS 'entitlement_type',
JSON_OBJECT('definition', definition) AS 'extra',
actions AS 'permission_action',
"grant" AS 'permission_type',
resources AS 'permission_resource'
FROM example_entitlement

Neat, where can I see this?

Currently, permissions are displayed during user access reviews when expanding a review item.


If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.