Gestalt Platform Entitlements

Overview

Entitlements are resources in Gestalt Meta that are associated with other resources to enable users to take specific actions on those resources. They are a fine-grained and flexible authorization system for Gestalt Meta resources. These entitlements consist of an action name and a list of identities that are entitled to perform the action on the associated resource.

Entitlement action names take the form resource_type.verb, for example lambda.invoke.

Entitlement Verbs

Resources generally have the following verbs:

Verb      Meaning
create    Ability to create a resource of type resource_type
view      Ability to view/use resources of type resource_type
update    Ability to update or modify resources of type resource_type
delete    Ability to delete resources of type resource_type

The lambda resource type has an additional verb:

Verb             Meaning
lambda.invoke    Entitled user has the ability to invoke lambdas

Entitlement Resource Types

Common Resource Types

Resource Type Meaning Org Scope Workspace Scope Environment Scope
api API X X X
apiendpoint API Endpoint X X X
container Container X X
entitlement Entitlement X X X
environment Environment X X
group Group X
lambda Lambda Resource X X X
license Gestalt License Information X
org Organization X
policy Policy X X X
provider Provider X X X
secret Secret X X
user User X
workspace Workspace X X

System and Reserved Resource Types

Resource Type Meaning Org Scope Workspace Scope Environment Scope
actionprovider Reserved X X X
datacontainer Reserved X X X
domain Reserved X X
integration Reserved X
resourcetype System Resource X
typeproperty System Resource X
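
The model above (an action name of the form resource_type.verb plus a list of entitled identities) can be checked mechanically when reviewing grants. The following is an added example, not Gestalt Meta code or its API: the Entitlement record, the function names and the sample data are hypothetical. It assumes the four general verbs apply to every listed type, and it treats grants on reserved or system types as something to review, which is a choice made here rather than a platform rule.

```python
from dataclasses import dataclass

# Verbs and resource types exactly as listed on this page.
COMMON_VERBS = {"create", "view", "update", "delete"}
EXTRA_VERBS = {"lambda": {"invoke"}}  # lambda.invoke is the only extra verb
COMMON_TYPES = {"api", "apiendpoint", "container", "entitlement", "environment",
                "group", "lambda", "license", "org", "policy", "provider",
                "secret", "user", "workspace"}
RESERVED_TYPES = {"actionprovider", "datacontainer", "domain", "integration",
                  "resourcetype", "typeproperty"}

@dataclass(frozen=True)
class Entitlement:  # hypothetical record shape: action name + entitled identities
    action: str
    identities: frozenset

def action_error(action):
    """Return a reason string if the action name is invalid, else None."""
    rtype, sep, verb = action.partition(".")
    if not (sep and rtype and verb) or "." in verb:
        return "malformed action name"
    if rtype not in COMMON_TYPES | RESERVED_TYPES:
        return f"unknown resource type {rtype!r}"
    if verb not in COMMON_VERBS | EXTRA_VERBS.get(rtype, set()):
        return f"verb {verb!r} not defined for {rtype!r}"
    return None

def is_entitled(entitlements, identity, action):
    """Default deny: allow only a valid action that explicitly lists the identity."""
    if action_error(action):
        return False
    return any(e.action == action and identity in e.identities for e in entitlements)

def audit(entitlements):
    """List (action, reason) pairs for grants a reviewer should look at."""
    findings = []
    for e in entitlements:
        err = action_error(e.action)
        if err:
            findings.append((e.action, err))
        elif e.action.split(".")[0] in RESERVED_TYPES:
            findings.append((e.action, "targets a reserved/system type"))
        elif not e.identities:
            findings.append((e.action, "no identities listed"))
    return findings

# Constructed sample entitlements attached to one resource.
SAMPLE = [Entitlement("lambda.invoke", frozenset({"alice", "ops-group"})),
          Entitlement("container.invoke", frozenset({"alice"})),
          Entitlement("resourcetype.update", frozenset({"bob"})),
          Entitlement("secret.view", frozenset())]
```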