Administration
Govern access and maintain the environment. Access is deny-by-default — subjects see nothing until explicitly granted.
Entitlement grants
5 explicit grants
Grant a subject read or write access to an entity or a single property. Use * to match every entity or property.
| Subject | Entity | Property | Action | Granted |
|---|---|---|---|---|
| abac-api-20260519213907 | instrument |
* |
read | 2026-05-19 20:39 |
| admin | * |
* |
read | 2000-01-01 00:00 |
| admin | * |
* |
write | 2000-01-01 00:00 |
| admin | * |
(entity) |
read | 2000-01-01 00:00 |
| admin | * |
(entity) |
write | 2000-01-01 00:00 |
Subjects & access
Effective access derived from the grants above
Effective entity-level access per subject. admin is the bootstrap subject with implicit full access;
every other subject is deny-by-default.
| Subject | Book | Instrument | Instrument Price | Market | Trade | Grants |
|---|---|---|---|---|---|---|
| AA abac-api-20260519213907 | — | — | — | — | 1 | |
| AD adminactingbootstrap | 4 |
Data maintenance
affects every subject
Seed default model
Idempotently creates the standard entities: instrument, book, trade, market and instrumentprice.
Wipe entity data
Removes every record and property value while keeping the entity model intact.
Wipe everything
Removes all entity types and their data. Entitlement grants are kept so admin can rebuild.