Authorization per entity

[TheCodingSheikh]

Is it possible to have authorization per entity?
Like for certain components or templates, i want them to be visible for certain group only

[AmbrishRamachandiran]

@TheCodingSheikh

Yes, it's absolutely possible to have authorization per entity. The OPENFGA plugin is designed for this. You can create policies to make specific components or templates visible to certain groups only.

The process involves:

Defining a model in OPENFGA for your components or templates.

Creating a policy that links a specific group to a specific entity. For example: you can tell OPENFGA that group:engineering can view component:database-service.

Backstage will then ask OPENFGA if the user has permission to see the item, and OPENFGA will provide a yes or no answer based on your policy. This lets you manage who sees what without changing any code in Backstage.