Update Requirements, Design and Approach authored by Sourabh Roy
......@@ -37,4 +37,6 @@ Discussions with various Module Owners and CSP is in progress and below requirem
       o System Configuration.
<h4>c. Entitlement and obligation (E&O) Module</h4>
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; Entitlements service is used to enable authorization in Data Ecosystem. The service allows for the creation and user mapping for groups. A group name defines a permission. Users who are added to that group obtain that permission. The main motivation for entitlements service is data authorization but the functionality enables three use cases:<br/>
<ol> <li>Data groups used for data authorization e.g. data.welldb.viewer, data.welldb.owner</li> <li>Service groups used for service authorization e.g. service.storage.user, service.storage.admin </li> <li>User groups used for hierarchical grouping of user and service identities e.g. users.datalake.viewers, users.datalake.</li> </ol>
\ No newline at end of file
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<ol> <li>Data groups used for data authorization e.g. data.welldb.viewer, data.welldb.owner</li> <li>Service groups used for service authorization e.g. service.storage.user, service.storage.admin </li> <li>User groups used for hierarchical grouping of user and service identities e.g. users.datalake.viewers, users.datalake.</li> </ol>
<p>For each group a user can either be added as an OWNER or a MEMBER. The only difference being if you are an OWNER of a group, then you can manage the members of that group.</p>
<p>In Entitlement and obligation page users will have 2 sections Manage Users and Manage Groups. Depending on the visitor’s access level few functionalities like deletion, creation and editing will be enables or disabled. The groups and user mapping will be done via Entitlements Module where the group owner will have access to edit the group permissions for the users. </p>
\ No newline at end of file
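Review bot: The last added paragraph (the Entitlement and obligation page description) does not say which role gets which action: "few functionalities like deletion, creation and editing will be enables or disabled" leaves the mapping open, and "enables" should be "enabled". The paragraph before it defines only OWNER and MEMBER, so spell out which of create, edit and delete each role sees, and state that the Entitlements service itself refuses the call from a non-owner, so a hidden or disabled button is not the only control. The same paragraph says the group owner can "edit the group permissions for the users", while the text above says a group name defines a permission and an OWNER manages the members of a group; reword this as membership management or explain how permissions are edited separately. In the re-added list, the third example "users.datalake." ends in a trailing dot and looks truncated; complete the group name. The run of &nbsp; before the <ol> is indentation outside any block element and can be dropped.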