@objectstack/platform-objects 12.5.0 → 13.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -39,13 +39,14 @@ var SysUser = data.ObjectSchema.create({
39
39
  locations: ["list_toolbar"],
40
40
  type: "api",
41
41
  target: "/api/v1/auth/organization/invite-member",
42
- // Org invitations are a multi-org-only flow (the endpoint resolves
43
- // an active org that does not exist in single-org mode). Hide the
44
- // affordance unless multi-org is enabled matching the
45
- // `create_organization` gate on sys_organization. This action is the
46
- // most exposed of the set because the Users list is always reachable
47
- // in single-org, unlike the org/membership lists.
48
- visible: "features.multiOrgEnabled != false",
42
+ // Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
43
+ // better-auth organization plugin is always mounted, and single-org
44
+ // mode now bootstraps a Default Organization (plugin-auth) so the
45
+ // endpoint's active-org resolution works there too. This is THE
46
+ // "add a teammate" affordance the Users list is always reachable
47
+ // and every add flows through better-auth invitations, never bespoke
48
+ // sys_user CRUD.
49
+ visible: "features.organization != false",
49
50
  successMessage: "Invitation sent",
50
51
  refreshAfter: true,
51
52
  params: [
@@ -934,6 +935,12 @@ var SysVerification = data.ObjectSchema.create({
934
935
  icon: "shield-check",
935
936
  isSystem: true,
936
937
  managedBy: "better-auth",
938
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
939
+ // (email/phone verification + password-reset tokens) — reading one is
940
+ // account takeover. Not covered by the wildcard `'*'` grant; admins retain
941
+ // access via the superuser bypass; better-auth reads via its adapter
942
+ // (system context), so verification flows are unaffected.
943
+ access: { default: "private" },
937
944
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
938
945
  // but may add overlay row-level config. Use `no-overlay` if you need to
939
946
  // forbid sys_metadata overlays entirely.
@@ -1267,11 +1274,11 @@ var SysMember = data.ObjectSchema.create({
1267
1274
  locations: ["list_toolbar"],
1268
1275
  type: "api",
1269
1276
  target: "/api/v1/auth/organization/add-member",
1270
- // Org-membership mutations are multi-org-only: the better-auth
1271
- // endpoints resolve an active org that does not exist in single-org
1272
- // mode, so these actions would fail at the API. Gate every one on
1273
- // the multi-org flag (mirrors sys_organization.create_organization).
1274
- visible: "features.multiOrgEnabled != false",
1277
+ // Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
1278
+ // better-auth endpoints resolve the session's active org, which
1279
+ // single-org mode now guarantees via plugin-auth's default-org
1280
+ // bootstrap. Same gate on every membership mutation below.
1281
+ visible: "features.organization != false",
1275
1282
  successMessage: "Member added",
1276
1283
  refreshAfter: true,
1277
1284
  params: [
@@ -1289,7 +1296,7 @@ var SysMember = data.ObjectSchema.create({
1289
1296
  type: "api",
1290
1297
  target: "/api/v1/auth/organization/update-member-role",
1291
1298
  recordIdParam: "memberId",
1292
- visible: "features.multiOrgEnabled != false",
1299
+ visible: "features.organization != false",
1293
1300
  successMessage: "Member role updated",
1294
1301
  refreshAfter: true,
1295
1302
  params: [
@@ -1306,7 +1313,7 @@ var SysMember = data.ObjectSchema.create({
1306
1313
  type: "api",
1307
1314
  target: "/api/v1/auth/organization/remove-member",
1308
1315
  recordIdParam: "memberIdOrEmail",
1309
- visible: "features.multiOrgEnabled != false",
1316
+ visible: "features.organization != false",
1310
1317
  confirmText: "Remove this member from the organization? They will lose access to all org resources.",
1311
1318
  successMessage: "Member removed",
1312
1319
  refreshAfter: true
@@ -1328,7 +1335,7 @@ var SysMember = data.ObjectSchema.create({
1328
1335
  target: "/api/v1/auth/organization/update-member-role",
1329
1336
  recordIdParam: "memberId",
1330
1337
  bodyExtra: { role: "owner" },
1331
- visible: "record.role != 'owner' && features.multiOrgEnabled != false",
1338
+ visible: "record.role != 'owner' && features.organization != false",
1332
1339
  confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
1333
1340
  successMessage: "Ownership transferred",
1334
1341
  refreshAfter: true
@@ -1436,7 +1443,7 @@ var SysInvitation = data.ObjectSchema.create({
1436
1443
  // sys_organization.create_organization). The recipient-side
1437
1444
  // accept/reject actions below stay record-gated — they are
1438
1445
  // unreachable in single-org anyway (no invitation rows exist).
1439
- visible: "features.multiOrgEnabled != false",
1446
+ visible: "features.organization != false",
1440
1447
  successMessage: "Invitation sent",
1441
1448
  refreshAfter: true,
1442
1449
  params: [
@@ -1454,7 +1461,7 @@ var SysInvitation = data.ObjectSchema.create({
1454
1461
  type: "api",
1455
1462
  target: "/api/v1/auth/organization/cancel-invitation",
1456
1463
  recordIdParam: "invitationId",
1457
- visible: "features.multiOrgEnabled != false",
1464
+ visible: "features.organization != false",
1458
1465
  confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
1459
1466
  successMessage: "Invitation canceled",
1460
1467
  refreshAfter: true
@@ -1468,7 +1475,7 @@ var SysInvitation = data.ObjectSchema.create({
1468
1475
  type: "api",
1469
1476
  target: "/api/v1/auth/organization/invite-member",
1470
1477
  bodyExtra: { resend: true },
1471
- visible: "features.multiOrgEnabled != false",
1478
+ visible: "features.organization != false",
1472
1479
  successMessage: "Invitation resent",
1473
1480
  refreshAfter: true,
1474
1481
  params: [
@@ -1658,7 +1665,7 @@ var SysTeam = data.ObjectSchema.create({
1658
1665
  // Teams are nested inside organizations — a multi-org-only concept.
1659
1666
  // Gate every team mutation on the multi-org flag so the affordances
1660
1667
  // disappear in single-org (mirrors sys_organization.create_organization).
1661
- visible: "features.multiOrgEnabled != false",
1668
+ visible: "features.organization != false",
1662
1669
  successMessage: "Team created",
1663
1670
  refreshAfter: true,
1664
1671
  params: [
@@ -1679,7 +1686,7 @@ var SysTeam = data.ObjectSchema.create({
1679
1686
  target: "/api/v1/auth/organization/update-team",
1680
1687
  recordIdParam: "teamId",
1681
1688
  bodyShape: { wrap: "data" },
1682
- visible: "features.multiOrgEnabled != false",
1689
+ visible: "features.organization != false",
1683
1690
  successMessage: "Team updated",
1684
1691
  refreshAfter: true,
1685
1692
  params: [
@@ -1698,7 +1705,7 @@ var SysTeam = data.ObjectSchema.create({
1698
1705
  type: "api",
1699
1706
  target: "/api/v1/auth/organization/remove-team",
1700
1707
  recordIdParam: "teamId",
1701
- visible: "features.multiOrgEnabled != false",
1708
+ visible: "features.organization != false",
1702
1709
  confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
1703
1710
  successMessage: "Team deleted",
1704
1711
  refreshAfter: true
@@ -1812,7 +1819,7 @@ var SysTeamMember = data.ObjectSchema.create({
1812
1819
  // Team membership lives under organizations — multi-org-only. Gate
1813
1820
  // both mutations so they vanish in single-org (mirrors
1814
1821
  // sys_organization.create_organization).
1815
- visible: "features.multiOrgEnabled != false",
1822
+ visible: "features.organization != false",
1816
1823
  successMessage: "Team member added",
1817
1824
  refreshAfter: true,
1818
1825
  params: [
@@ -1833,7 +1840,7 @@ var SysTeamMember = data.ObjectSchema.create({
1833
1840
  locations: ["list_item"],
1834
1841
  type: "api",
1835
1842
  target: "/api/v1/auth/organization/remove-team-member",
1836
- visible: "features.multiOrgEnabled != false",
1843
+ visible: "features.organization != false",
1837
1844
  confirmText: "Remove this user from the team? They will lose any team-scoped access.",
1838
1845
  successMessage: "Team member removed",
1839
1846
  refreshAfter: true,
@@ -2071,7 +2078,7 @@ var SysBusinessUnitMember = data.ObjectSchema.create({
2071
2078
  managedBy: "platform",
2072
2079
  description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
2073
2080
  titleFormat: "{user_id} in {business_unit_id}",
2074
- highlightFields: ["user_id", "business_unit_id", "role_in_business_unit", "is_primary"],
2081
+ highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
2075
2082
  fields: {
2076
2083
  id: data.Field.text({
2077
2084
  label: "Member ID",
@@ -2089,10 +2096,10 @@ var SysBusinessUnitMember = data.ObjectSchema.create({
2089
2096
  required: true,
2090
2097
  group: "Assignment"
2091
2098
  }),
2092
- role_in_business_unit: data.Field.select(
2099
+ function_in_business_unit: data.Field.select(
2093
2100
  ["member", "lead", "deputy"],
2094
2101
  {
2095
- label: "Role in Business Unit",
2102
+ label: "Function in Business Unit",
2096
2103
  required: false,
2097
2104
  defaultValue: "member",
2098
2105
  description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
@@ -2496,6 +2503,12 @@ var SysDeviceCode = data.ObjectSchema.create({
2496
2503
  icon: "key-round",
2497
2504
  isSystem: true,
2498
2505
  managedBy: "better-auth",
2506
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
2507
+ // codes — reading `user_code`/`device_code` lets an attacker hijack a
2508
+ // pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
2509
+ // access via the superuser bypass; better-auth reads via its adapter
2510
+ // (system context), so the device-grant flow is unaffected.
2511
+ access: { default: "private" },
2499
2512
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
2500
2513
  // but may add overlay row-level config. Use `no-overlay` if you need to
2501
2514
  // forbid sys_metadata overlays entirely.
@@ -3091,6 +3104,11 @@ var SysOauthAccessToken = data.ObjectSchema.create({
3091
3104
  icon: "ticket",
3092
3105
  isSystem: true,
3093
3106
  managedBy: "better-auth",
3107
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
3108
+ // reading one is session hijack. Not covered by the wildcard `'*'` grant;
3109
+ // admins retain access via the superuser bypass; better-auth reads via its
3110
+ // adapter (system context), so OAuth flows are unaffected.
3111
+ access: { default: "private" },
3094
3112
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3095
3113
  // but may add overlay row-level config. Use `no-overlay` if you need to
3096
3114
  // forbid sys_metadata overlays entirely.
@@ -3177,6 +3195,11 @@ var SysOauthRefreshToken = data.ObjectSchema.create({
3177
3195
  icon: "refresh-cw",
3178
3196
  isSystem: true,
3179
3197
  managedBy: "better-auth",
3198
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
3199
+ // a refresh token mints new access tokens. Not covered by the wildcard `'*'`
3200
+ // grant; admins retain access via the superuser bypass; better-auth reads
3201
+ // via its adapter (system context), so OAuth flows are unaffected.
3202
+ access: { default: "private" },
3180
3203
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3181
3204
  // but may add overlay row-level config. Use `no-overlay` if you need to
3182
3205
  // forbid sys_metadata overlays entirely.
@@ -3335,6 +3358,13 @@ var SysJwks = data.ObjectSchema.create({
3335
3358
  icon: "key",
3336
3359
  isSystem: true,
3337
3360
  managedBy: "better-auth",
3361
+ // [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
3362
+ // KEYS (private key material). Not covered by the wildcard `'*'` grant — an
3363
+ // ordinary member gets 403 from the generic data layer. Platform admins
3364
+ // (viewAllRecords/modifyAllRecords) retain access via the posture-gated
3365
+ // superuser bypass; better-auth itself reads via its adapter (system
3366
+ // context), so token signing/verification is unaffected.
3367
+ access: { default: "private" },
3338
3368
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3339
3369
  // but may add overlay row-level config. Use `no-overlay` if you need to
3340
3370
  // forbid sys_metadata overlays entirely.
@@ -3648,6 +3678,14 @@ var SysScimProvider = data.ObjectSchema.create({
3648
3678
  icon: "users",
3649
3679
  isSystem: true,
3650
3680
  managedBy: "better-auth",
3681
+ // [ADR-0066 D3/④] Admin-only identity config carrying a live credential
3682
+ // (`scim_token` — the bearer external IdPs authenticate provisioning calls
3683
+ // with). Object-level capability gate, mirroring the sibling
3684
+ // `sys_sso_provider`: ordinary members are denied entirely (without it, the
3685
+ // `member_default` wildcard `'*': allowRead` would expose SCIM connections
3686
+ // to every authenticated user). better-auth's own endpoints read via a
3687
+ // system context, so SCIM provisioning is unaffected.
3688
+ requiredPermissions: ["manage_platform_settings"],
3651
3689
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
3652
3690
  protection: {
3653
3691
  lock: "full",
@@ -4936,6 +4974,14 @@ var SysSecret = data.ObjectSchema.create({
4936
4974
  icon: "key",
4937
4975
  isSystem: true,
4938
4976
  managedBy: "system",
4977
+ // [ADR-0066 D2/④] Secure-by-default: the environment's encrypted-secrets
4978
+ // store (settings/datasource credentials). Not covered by the wildcard `'*'`
4979
+ // grant — ordinary members get 403 from the generic data layer. Platform
4980
+ // admins retain access via the posture-gated superuser bypass. Internal
4981
+ // readers are unaffected: `engine.resolveSecret` reads at DRIVER level,
4982
+ // SettingsService / the datasource secret-binder read with no principal
4983
+ // (middleware falls open for principal-less internal calls).
4984
+ access: { default: "private" },
4939
4985
  description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
4940
4986
  highlightFields: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
4941
4987
  listViews: {
@@ -5283,10 +5329,22 @@ var SETUP_NAV_CONTRIBUTIONS = [
5283
5329
  priority: BASE_PRIORITY,
5284
5330
  items: [
5285
5331
  { id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
5332
+ // The ACTIVE organization's record page (Members / Invitations / Teams
5333
+ // tabs with the better-auth row actions), rendered inside the app shell
5334
+ // (ADR-0081). `{current_org_id}` resolves from the session's active
5335
+ // organization; unresolved (e.g. org-less admin before bootstrap) it
5336
+ // falls back to the sys_organization list — one row in single-org.
5337
+ { id: "nav_organization", type: "object", label: "Organization", objectName: "sys_organization", recordId: "{current_org_id}", icon: "building-2" },
5286
5338
  { id: "nav_business_units", type: "object", label: "Business Units", objectName: "sys_business_unit", icon: "building", requiresObject: "sys_business_unit" },
5287
- { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round", requiresService: "org-scoping" },
5339
+ // Teams / Invitations no longer gate on `org-scoping` (ADR-0081 D1):
5340
+ // the better-auth organization capability is always mounted, and
5341
+ // plugin-auth's single-org default-org bootstrap guarantees an org to
5342
+ // invite into — these are the OPEN member-management basics. Only the
5343
+ // org LIST below keeps the gate: browsing organizations is meaningful
5344
+ // only when more than one can exist (enterprise multi-org).
5345
+ { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
5288
5346
  { id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2", requiresService: "org-scoping" },
5289
- { id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail", requiresService: "org-scoping" }
5347
+ { id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
5290
5348
  ]
5291
5349
  },
5292
5350
  {
@@ -5348,7 +5406,11 @@ var SETUP_NAV_CONTRIBUTIONS = [
5348
5406
  priority: BASE_PRIORITY,
5349
5407
  items: [
5350
5408
  { id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
5351
- { id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round" },
5409
+ // nav_jwks is capability-gated (like nav_api_keys): sys_jwks is
5410
+ // `access.default:'private'` (ADR-0066 ④ — signing keys), so a
5411
+ // non-admin's list request 403s server-side; gating the nav item keeps
5412
+ // the menu honest instead of showing an entry that can only error.
5413
+ { id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round", requiredPermissions: ["manage_platform_settings"] },
5352
5414
  // `sys_verification` (email/phone tokens) and `sys_device_code` (OAuth
5353
5415
  // device-grant codes) deliberately omit `list` from their `apiMethods`
5354
5416
  // (sensitive, ephemeral secrets — not browsable), so an object/list-view
@@ -6687,8 +6749,8 @@ var enObjects = {
6687
6749
  user_id: {
6688
6750
  label: "User"
6689
6751
  },
6690
- role_in_business_unit: {
6691
- label: "Role in Business Unit",
6752
+ function_in_business_unit: {
6753
+ label: "Function in Business Unit",
6692
6754
  help: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
6693
6755
  options: {
6694
6756
  member: "member",
@@ -8640,6 +8702,7 @@ var en = {
8640
8702
  nav_marketplace_installed: { label: "Installed Apps" },
8641
8703
  // People & Organization
8642
8704
  nav_users: { label: "Users" },
8705
+ nav_organization: { label: "Organization" },
8643
8706
  nav_business_units: { label: "Business Units" },
8644
8707
  nav_teams: { label: "Teams" },
8645
8708
  nav_organizations: { label: "Organizations" },
@@ -9433,8 +9496,8 @@ var zhCNObjects = {
9433
9496
  user_id: {
9434
9497
  label: "\u7528\u6237"
9435
9498
  },
9436
- role_in_business_unit: {
9437
- label: "\u4E1A\u52A1\u5355\u5143\u5185\u89D2\u8272",
9499
+ function_in_business_unit: {
9500
+ label: "\u4E1A\u52A1\u5355\u5143\u5185\u804C\u80FD",
9438
9501
  help: "`lead` \u8868\u793A\u65E5\u5E38\u8D1F\u8D23\u4EBA\uFF1B`deputy` \u53EF\u5728\u5BA1\u6279\u8DEF\u7531\u4E2D\u4EE3\u66FF\u8D1F\u8D23\u4EBA\u3002",
9439
9502
  options: {
9440
9503
  member: "\u6210\u5458",
@@ -11383,6 +11446,7 @@ var zhCN = {
11383
11446
  group_advanced: { label: "\u9AD8\u7EA7" },
11384
11447
  nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
11385
11448
  nav_users: { label: "\u7528\u6237" },
11449
+ nav_organization: { label: "\u7EC4\u7EC7" },
11386
11450
  nav_business_units: { label: "\u4E1A\u52A1\u5355\u5143" },
11387
11451
  nav_teams: { label: "\u56E2\u961F" },
11388
11452
  nav_organizations: { label: "\u7EC4\u7EC7" },
@@ -12142,8 +12206,8 @@ var jaJPObjects = {
12142
12206
  user_id: {
12143
12207
  label: "\u30E6\u30FC\u30B6\u30FC"
12144
12208
  },
12145
- role_in_business_unit: {
12146
- label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u30ED\u30FC\u30EB",
12209
+ function_in_business_unit: {
12210
+ label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u306E\u8077\u80FD",
12147
12211
  help: "`lead` \u306F\u65E5\u5E38\u306E\u8CAC\u4EFB\u8005\u3001`deputy` \u306F\u627F\u8A8D\u30EB\u30FC\u30C6\u30A3\u30F3\u30B0\u3067\u30EA\u30FC\u30C9\u306E\u4EE3\u7406\u3092\u52D9\u3081\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002",
12148
12212
  options: {
12149
12213
  member: "\u30E1\u30F3\u30D0\u30FC",
@@ -14091,6 +14155,7 @@ var jaJP = {
14091
14155
  group_advanced: { label: "\u8A73\u7D30" },
14092
14156
  nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
14093
14157
  nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
14158
+ nav_organization: { label: "\u7D44\u7E54" },
14094
14159
  nav_business_units: { label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8" },
14095
14160
  nav_teams: { label: "\u30C1\u30FC\u30E0" },
14096
14161
  nav_organizations: { label: "\u7D44\u7E54" },
@@ -14848,8 +14913,8 @@ var esESObjects = {
14848
14913
  user_id: {
14849
14914
  label: "Usuario"
14850
14915
  },
14851
- role_in_business_unit: {
14852
- label: "Rol en el departamento",
14916
+ function_in_business_unit: {
14917
+ label: "Funci\xF3n en la unidad de negocio",
14853
14918
  help: "`lead` es el responsable del d\xEDa a d\xEDa; `deputy` puede sustituir al responsable en el enrutamiento de aprobaciones.",
14854
14919
  options: {
14855
14920
  member: "Miembro",
@@ -16797,6 +16862,7 @@ var esES = {
16797
16862
  group_advanced: { label: "Avanzado" },
16798
16863
  nav_system_overview: { label: "Resumen del Sistema" },
16799
16864
  nav_users: { label: "Usuarios" },
16865
+ nav_organization: { label: "Organizaci\xF3n" },
16800
16866
  nav_business_units: { label: "Unidades de negocio" },
16801
16867
  nav_teams: { label: "Equipos" },
16802
16868
  nav_organizations: { label: "Organizaciones" },
@@ -17046,7 +17112,7 @@ var SysUserDetailPage = {
17046
17112
  },
17047
17113
  // ── Tabs: curated related lists ───────────────────────────────
17048
17114
  // Only the 4 lists that are semantically about THIS user account.
17049
- // Everything else (sys_role created_by, sys_email_template
17115
+ // Everything else (sys_position created_by, sys_email_template
17050
17116
  // updated_by, …) is incidental authorship metadata and would only
17051
17117
  // create noise.
17052
17118
  tabs: {
@@ -18566,10 +18632,6 @@ var enMetadataForms = {
18566
18632
  label: "Label",
18567
18633
  helpText: "Display label for admins"
18568
18634
  },
18569
- isProfile: {
18570
- label: "Is Profile",
18571
- helpText: "Profile = base set assigned to users. Permission Set = additive grant."
18572
- },
18573
18635
  systemPermissions: {
18574
18636
  label: "System Permissions",
18575
18637
  helpText: "List of system capability keys"
@@ -18625,10 +18687,6 @@ var enMetadataForms = {
18625
18687
  label: "Label",
18626
18688
  helpText: "Display label for admins"
18627
18689
  },
18628
- isProfile: {
18629
- label: "Is Profile",
18630
- helpText: "Profile = base set assigned to users. Permission Set = additive grant."
18631
- },
18632
18690
  systemPermissions: {
18633
18691
  label: "System Permissions",
18634
18692
  helpText: "List of system capability keys"
@@ -20204,10 +20262,6 @@ var zhCNMetadataForms = {
20204
20262
  label: "\u663E\u793A\u540D\u79F0",
20205
20263
  helpText: "\u9762\u5411\u7BA1\u7406\u5458\u7684\u663E\u793A\u6807\u7B7E"
20206
20264
  },
20207
- isProfile: {
20208
- label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
20209
- helpText: "\u52FE\u9009\u540E\u4F5C\u4E3A\u5B8C\u6574\u914D\u7F6E\u6587\u4EF6\uFF08\u800C\u975E\u9644\u52A0\u6743\u9650\u96C6\uFF09"
20210
- },
20211
20265
  systemPermissions: {
20212
20266
  label: "\u7CFB\u7EDF\u6743\u9650",
20213
20267
  helpText: "\u5E94\u7528\u8BBF\u95EE\u3001API\u3001\u7BA1\u7406\u64CD\u4F5C"
@@ -20263,10 +20317,6 @@ var zhCNMetadataForms = {
20263
20317
  label: "\u663E\u793A\u540D\u79F0",
20264
20318
  helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
20265
20319
  },
20266
- isProfile: {
20267
- label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
20268
- helpText: "\u914D\u7F6E\u6587\u4EF6 = \u5206\u914D\u7ED9\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002\u6743\u9650\u96C6 = \u9644\u52A0\u6388\u4E88\u3002"
20269
- },
20270
20320
  systemPermissions: {
20271
20321
  label: "\u7CFB\u7EDF\u6743\u9650",
20272
20322
  helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
@@ -21842,10 +21892,6 @@ var jaJPMetadataForms = {
21842
21892
  label: "\u8868\u793A\u540D",
21843
21893
  helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
21844
21894
  },
21845
- isProfile: {
21846
- label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
21847
- helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
21848
- },
21849
21895
  systemPermissions: {
21850
21896
  label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21851
21897
  helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
@@ -21901,10 +21947,6 @@ var jaJPMetadataForms = {
21901
21947
  label: "\u8868\u793A\u540D",
21902
21948
  helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
21903
21949
  },
21904
- isProfile: {
21905
- label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
21906
- helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
21907
- },
21908
21950
  systemPermissions: {
21909
21951
  label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21910
21952
  helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
@@ -23480,10 +23522,6 @@ var esESMetadataForms = {
23480
23522
  label: "Etiqueta",
23481
23523
  helpText: "Etiqueta mostrada para administradores"
23482
23524
  },
23483
- isProfile: {
23484
- label: "Es perfil",
23485
- helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
23486
- },
23487
23525
  systemPermissions: {
23488
23526
  label: "Permisos del sistema",
23489
23527
  helpText: "Lista de claves de capacidades del sistema"
@@ -23539,10 +23577,6 @@ var esESMetadataForms = {
23539
23577
  label: "Etiqueta",
23540
23578
  helpText: "Etiqueta mostrada para administradores"
23541
23579
  },
23542
- isProfile: {
23543
- label: "Es perfil",
23544
- helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
23545
- },
23546
23580
  systemPermissions: {
23547
23581
  label: "Permisos del sistema",
23548
23582
  helpText: "Lista de claves de capacidades del sistema"