Entity Schemas#

Introduction#

An Entity Schema defines the structure of a set of entities and relations. Each Entity Schema is composed of the following.

A set of entity types, such as group, organization, or role. Each entity type is defined by:

• A unique name.
• The entity context, for entities that always exist in the context of another entity.

A set of entity relation types, such as member, or owner. Each entity relation type is defined by:

• A unique name.
• The entity type for the relation source entities.
• The entity type for the relation target entities.
• The relation cardinality.

A set of resource relation types, such as member containing:

• The entity type for the relation source entities.
• The resource type for the relation target, which can be Accounts or Database OAuth Clients.

Global groups#

An Entity Schema can support the storage of global account groups. In order for that to be possible, the entity schema must enable the global-groups section, which requires the schema to define:

• The sys:global-account-group entity type that represents Account Groups.
• The sys:global-account-group:member resource relation type that represents the membership relation between an Account and an Account Group.
• The Account Group property used as the entities unique value, which can be:
  • The Account Group display name.
  • The Account Group external identifier.

To create an Entity Schema with global account groups support, using these pre-defined type names, it is also possible to use the “Creates or updates an entity schema to support groups” Config Spec.

Database Scopes#

An Entity Schema can also support the storage of Database Scopes . In order for that to be possible, the entity schema must enable the profile-scopes section, which requires the schema to define a fixed set of entity types and relation types, namely the sys:oauth-profile and sys:oauth-profile-scope entity types.

To create an Entity Schema with Database Scope support, using these pre-defined type names, it is also possible to use the “Creates or updates an entity schema to support database scopes” Config Spec.

Configuration#

Currently, it is not possible to create or edit an Entity Schema via the “Facilities” menu Administration UI . Only listing and deletion is available via that interface. It is however possible to create and edit Entity Schemas via the Command Line Interface or by uploading an XML file.

To create an Entity Schema with Account Group support, using pre-defined type names, it is also possible to use the “Creates or updates an entity schema to support groups” Config Spec.