@objectstack/platform-objects 12.6.0 → 13.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -37,13 +37,14 @@ var SysUser = ObjectSchema.create({
37
37
  locations: ["list_toolbar"],
38
38
  type: "api",
39
39
  target: "/api/v1/auth/organization/invite-member",
40
- // Org invitations are a multi-org-only flow (the endpoint resolves
41
- // an active org that does not exist in single-org mode). Hide the
42
- // affordance unless multi-org is enabled matching the
43
- // `create_organization` gate on sys_organization. This action is the
44
- // most exposed of the set because the Users list is always reachable
45
- // in single-org, unlike the org/membership lists.
46
- visible: "features.multiOrgEnabled != false",
40
+ // Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
41
+ // better-auth organization plugin is always mounted, and single-org
42
+ // mode now bootstraps a Default Organization (plugin-auth) so the
43
+ // endpoint's active-org resolution works there too. This is THE
44
+ // "add a teammate" affordance the Users list is always reachable
45
+ // and every add flows through better-auth invitations, never bespoke
46
+ // sys_user CRUD.
47
+ visible: "features.organization != false",
47
48
  successMessage: "Invitation sent",
48
49
  refreshAfter: true,
49
50
  params: [
@@ -932,6 +933,12 @@ var SysVerification = ObjectSchema.create({
932
933
  icon: "shield-check",
933
934
  isSystem: true,
934
935
  managedBy: "better-auth",
936
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
937
+ // (email/phone verification + password-reset tokens) — reading one is
938
+ // account takeover. Not covered by the wildcard `'*'` grant; admins retain
939
+ // access via the superuser bypass; better-auth reads via its adapter
940
+ // (system context), so verification flows are unaffected.
941
+ access: { default: "private" },
935
942
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
936
943
  // but may add overlay row-level config. Use `no-overlay` if you need to
937
944
  // forbid sys_metadata overlays entirely.
@@ -1265,11 +1272,11 @@ var SysMember = ObjectSchema.create({
1265
1272
  locations: ["list_toolbar"],
1266
1273
  type: "api",
1267
1274
  target: "/api/v1/auth/organization/add-member",
1268
- // Org-membership mutations are multi-org-only: the better-auth
1269
- // endpoints resolve an active org that does not exist in single-org
1270
- // mode, so these actions would fail at the API. Gate every one on
1271
- // the multi-org flag (mirrors sys_organization.create_organization).
1272
- visible: "features.multiOrgEnabled != false",
1275
+ // Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
1276
+ // better-auth endpoints resolve the session's active org, which
1277
+ // single-org mode now guarantees via plugin-auth's default-org
1278
+ // bootstrap. Same gate on every membership mutation below.
1279
+ visible: "features.organization != false",
1273
1280
  successMessage: "Member added",
1274
1281
  refreshAfter: true,
1275
1282
  params: [
@@ -1287,7 +1294,7 @@ var SysMember = ObjectSchema.create({
1287
1294
  type: "api",
1288
1295
  target: "/api/v1/auth/organization/update-member-role",
1289
1296
  recordIdParam: "memberId",
1290
- visible: "features.multiOrgEnabled != false",
1297
+ visible: "features.organization != false",
1291
1298
  successMessage: "Member role updated",
1292
1299
  refreshAfter: true,
1293
1300
  params: [
@@ -1304,7 +1311,7 @@ var SysMember = ObjectSchema.create({
1304
1311
  type: "api",
1305
1312
  target: "/api/v1/auth/organization/remove-member",
1306
1313
  recordIdParam: "memberIdOrEmail",
1307
- visible: "features.multiOrgEnabled != false",
1314
+ visible: "features.organization != false",
1308
1315
  confirmText: "Remove this member from the organization? They will lose access to all org resources.",
1309
1316
  successMessage: "Member removed",
1310
1317
  refreshAfter: true
@@ -1326,7 +1333,7 @@ var SysMember = ObjectSchema.create({
1326
1333
  target: "/api/v1/auth/organization/update-member-role",
1327
1334
  recordIdParam: "memberId",
1328
1335
  bodyExtra: { role: "owner" },
1329
- visible: "record.role != 'owner' && features.multiOrgEnabled != false",
1336
+ visible: "record.role != 'owner' && features.organization != false",
1330
1337
  confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
1331
1338
  successMessage: "Ownership transferred",
1332
1339
  refreshAfter: true
@@ -1434,7 +1441,7 @@ var SysInvitation = ObjectSchema.create({
1434
1441
  // sys_organization.create_organization). The recipient-side
1435
1442
  // accept/reject actions below stay record-gated — they are
1436
1443
  // unreachable in single-org anyway (no invitation rows exist).
1437
- visible: "features.multiOrgEnabled != false",
1444
+ visible: "features.organization != false",
1438
1445
  successMessage: "Invitation sent",
1439
1446
  refreshAfter: true,
1440
1447
  params: [
@@ -1452,7 +1459,7 @@ var SysInvitation = ObjectSchema.create({
1452
1459
  type: "api",
1453
1460
  target: "/api/v1/auth/organization/cancel-invitation",
1454
1461
  recordIdParam: "invitationId",
1455
- visible: "features.multiOrgEnabled != false",
1462
+ visible: "features.organization != false",
1456
1463
  confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
1457
1464
  successMessage: "Invitation canceled",
1458
1465
  refreshAfter: true
@@ -1466,7 +1473,7 @@ var SysInvitation = ObjectSchema.create({
1466
1473
  type: "api",
1467
1474
  target: "/api/v1/auth/organization/invite-member",
1468
1475
  bodyExtra: { resend: true },
1469
- visible: "features.multiOrgEnabled != false",
1476
+ visible: "features.organization != false",
1470
1477
  successMessage: "Invitation resent",
1471
1478
  refreshAfter: true,
1472
1479
  params: [
@@ -1656,7 +1663,7 @@ var SysTeam = ObjectSchema.create({
1656
1663
  // Teams are nested inside organizations — a multi-org-only concept.
1657
1664
  // Gate every team mutation on the multi-org flag so the affordances
1658
1665
  // disappear in single-org (mirrors sys_organization.create_organization).
1659
- visible: "features.multiOrgEnabled != false",
1666
+ visible: "features.organization != false",
1660
1667
  successMessage: "Team created",
1661
1668
  refreshAfter: true,
1662
1669
  params: [
@@ -1677,7 +1684,7 @@ var SysTeam = ObjectSchema.create({
1677
1684
  target: "/api/v1/auth/organization/update-team",
1678
1685
  recordIdParam: "teamId",
1679
1686
  bodyShape: { wrap: "data" },
1680
- visible: "features.multiOrgEnabled != false",
1687
+ visible: "features.organization != false",
1681
1688
  successMessage: "Team updated",
1682
1689
  refreshAfter: true,
1683
1690
  params: [
@@ -1696,7 +1703,7 @@ var SysTeam = ObjectSchema.create({
1696
1703
  type: "api",
1697
1704
  target: "/api/v1/auth/organization/remove-team",
1698
1705
  recordIdParam: "teamId",
1699
- visible: "features.multiOrgEnabled != false",
1706
+ visible: "features.organization != false",
1700
1707
  confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
1701
1708
  successMessage: "Team deleted",
1702
1709
  refreshAfter: true
@@ -1810,7 +1817,7 @@ var SysTeamMember = ObjectSchema.create({
1810
1817
  // Team membership lives under organizations — multi-org-only. Gate
1811
1818
  // both mutations so they vanish in single-org (mirrors
1812
1819
  // sys_organization.create_organization).
1813
- visible: "features.multiOrgEnabled != false",
1820
+ visible: "features.organization != false",
1814
1821
  successMessage: "Team member added",
1815
1822
  refreshAfter: true,
1816
1823
  params: [
@@ -1831,7 +1838,7 @@ var SysTeamMember = ObjectSchema.create({
1831
1838
  locations: ["list_item"],
1832
1839
  type: "api",
1833
1840
  target: "/api/v1/auth/organization/remove-team-member",
1834
- visible: "features.multiOrgEnabled != false",
1841
+ visible: "features.organization != false",
1835
1842
  confirmText: "Remove this user from the team? They will lose any team-scoped access.",
1836
1843
  successMessage: "Team member removed",
1837
1844
  refreshAfter: true,
@@ -2069,7 +2076,7 @@ var SysBusinessUnitMember = ObjectSchema.create({
2069
2076
  managedBy: "platform",
2070
2077
  description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
2071
2078
  titleFormat: "{user_id} in {business_unit_id}",
2072
- highlightFields: ["user_id", "business_unit_id", "role_in_business_unit", "is_primary"],
2079
+ highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
2073
2080
  fields: {
2074
2081
  id: Field.text({
2075
2082
  label: "Member ID",
@@ -2087,10 +2094,10 @@ var SysBusinessUnitMember = ObjectSchema.create({
2087
2094
  required: true,
2088
2095
  group: "Assignment"
2089
2096
  }),
2090
- role_in_business_unit: Field.select(
2097
+ function_in_business_unit: Field.select(
2091
2098
  ["member", "lead", "deputy"],
2092
2099
  {
2093
- label: "Role in Business Unit",
2100
+ label: "Function in Business Unit",
2094
2101
  required: false,
2095
2102
  defaultValue: "member",
2096
2103
  description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
@@ -2494,6 +2501,12 @@ var SysDeviceCode = ObjectSchema.create({
2494
2501
  icon: "key-round",
2495
2502
  isSystem: true,
2496
2503
  managedBy: "better-auth",
2504
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
2505
+ // codes — reading `user_code`/`device_code` lets an attacker hijack a
2506
+ // pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
2507
+ // access via the superuser bypass; better-auth reads via its adapter
2508
+ // (system context), so the device-grant flow is unaffected.
2509
+ access: { default: "private" },
2497
2510
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
2498
2511
  // but may add overlay row-level config. Use `no-overlay` if you need to
2499
2512
  // forbid sys_metadata overlays entirely.
@@ -3089,6 +3102,11 @@ var SysOauthAccessToken = ObjectSchema.create({
3089
3102
  icon: "ticket",
3090
3103
  isSystem: true,
3091
3104
  managedBy: "better-auth",
3105
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
3106
+ // reading one is session hijack. Not covered by the wildcard `'*'` grant;
3107
+ // admins retain access via the superuser bypass; better-auth reads via its
3108
+ // adapter (system context), so OAuth flows are unaffected.
3109
+ access: { default: "private" },
3092
3110
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3093
3111
  // but may add overlay row-level config. Use `no-overlay` if you need to
3094
3112
  // forbid sys_metadata overlays entirely.
@@ -3175,6 +3193,11 @@ var SysOauthRefreshToken = ObjectSchema.create({
3175
3193
  icon: "refresh-cw",
3176
3194
  isSystem: true,
3177
3195
  managedBy: "better-auth",
3196
+ // [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
3197
+ // a refresh token mints new access tokens. Not covered by the wildcard `'*'`
3198
+ // grant; admins retain access via the superuser bypass; better-auth reads
3199
+ // via its adapter (system context), so OAuth flows are unaffected.
3200
+ access: { default: "private" },
3178
3201
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3179
3202
  // but may add overlay row-level config. Use `no-overlay` if you need to
3180
3203
  // forbid sys_metadata overlays entirely.
@@ -3333,6 +3356,13 @@ var SysJwks = ObjectSchema.create({
3333
3356
  icon: "key",
3334
3357
  isSystem: true,
3335
3358
  managedBy: "better-auth",
3359
+ // [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
3360
+ // KEYS (private key material). Not covered by the wildcard `'*'` grant — an
3361
+ // ordinary member gets 403 from the generic data layer. Platform admins
3362
+ // (viewAllRecords/modifyAllRecords) retain access via the posture-gated
3363
+ // superuser bypass; better-auth itself reads via its adapter (system
3364
+ // context), so token signing/verification is unaffected.
3365
+ access: { default: "private" },
3336
3366
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
3337
3367
  // but may add overlay row-level config. Use `no-overlay` if you need to
3338
3368
  // forbid sys_metadata overlays entirely.
@@ -3646,6 +3676,14 @@ var SysScimProvider = ObjectSchema.create({
3646
3676
  icon: "users",
3647
3677
  isSystem: true,
3648
3678
  managedBy: "better-auth",
3679
+ // [ADR-0066 D3/④] Admin-only identity config carrying a live credential
3680
+ // (`scim_token` — the bearer external IdPs authenticate provisioning calls
3681
+ // with). Object-level capability gate, mirroring the sibling
3682
+ // `sys_sso_provider`: ordinary members are denied entirely (without it, the
3683
+ // `member_default` wildcard `'*': allowRead` would expose SCIM connections
3684
+ // to every authenticated user). better-auth's own endpoints read via a
3685
+ // system context, so SCIM provisioning is unaffected.
3686
+ requiredPermissions: ["manage_platform_settings"],
3649
3687
  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
3650
3688
  protection: {
3651
3689
  lock: "full",
@@ -4934,6 +4972,14 @@ var SysSecret = ObjectSchema.create({
4934
4972
  icon: "key",
4935
4973
  isSystem: true,
4936
4974
  managedBy: "system",
4975
+ // [ADR-0066 D2/④] Secure-by-default: the environment's encrypted-secrets
4976
+ // store (settings/datasource credentials). Not covered by the wildcard `'*'`
4977
+ // grant — ordinary members get 403 from the generic data layer. Platform
4978
+ // admins retain access via the posture-gated superuser bypass. Internal
4979
+ // readers are unaffected: `engine.resolveSecret` reads at DRIVER level,
4980
+ // SettingsService / the datasource secret-binder read with no principal
4981
+ // (middleware falls open for principal-less internal calls).
4982
+ access: { default: "private" },
4937
4983
  description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
4938
4984
  highlightFields: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
4939
4985
  listViews: {
@@ -5281,10 +5327,22 @@ var SETUP_NAV_CONTRIBUTIONS = [
5281
5327
  priority: BASE_PRIORITY,
5282
5328
  items: [
5283
5329
  { id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
5330
+ // The ACTIVE organization's record page (Members / Invitations / Teams
5331
+ // tabs with the better-auth row actions), rendered inside the app shell
5332
+ // (ADR-0081). `{current_org_id}` resolves from the session's active
5333
+ // organization; unresolved (e.g. org-less admin before bootstrap) it
5334
+ // falls back to the sys_organization list — one row in single-org.
5335
+ { id: "nav_organization", type: "object", label: "Organization", objectName: "sys_organization", recordId: "{current_org_id}", icon: "building-2" },
5284
5336
  { id: "nav_business_units", type: "object", label: "Business Units", objectName: "sys_business_unit", icon: "building", requiresObject: "sys_business_unit" },
5285
- { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round", requiresService: "org-scoping" },
5337
+ // Teams / Invitations no longer gate on `org-scoping` (ADR-0081 D1):
5338
+ // the better-auth organization capability is always mounted, and
5339
+ // plugin-auth's single-org default-org bootstrap guarantees an org to
5340
+ // invite into — these are the OPEN member-management basics. Only the
5341
+ // org LIST below keeps the gate: browsing organizations is meaningful
5342
+ // only when more than one can exist (enterprise multi-org).
5343
+ { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
5286
5344
  { id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2", requiresService: "org-scoping" },
5287
- { id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail", requiresService: "org-scoping" }
5345
+ { id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
5288
5346
  ]
5289
5347
  },
5290
5348
  {
@@ -5346,7 +5404,11 @@ var SETUP_NAV_CONTRIBUTIONS = [
5346
5404
  priority: BASE_PRIORITY,
5347
5405
  items: [
5348
5406
  { id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
5349
- { id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round" },
5407
+ // nav_jwks is capability-gated (like nav_api_keys): sys_jwks is
5408
+ // `access.default:'private'` (ADR-0066 ④ — signing keys), so a
5409
+ // non-admin's list request 403s server-side; gating the nav item keeps
5410
+ // the menu honest instead of showing an entry that can only error.
5411
+ { id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round", requiredPermissions: ["manage_platform_settings"] },
5350
5412
  // `sys_verification` (email/phone tokens) and `sys_device_code` (OAuth
5351
5413
  // device-grant codes) deliberately omit `list` from their `apiMethods`
5352
5414
  // (sensitive, ephemeral secrets — not browsable), so an object/list-view
@@ -6685,8 +6747,8 @@ var enObjects = {
6685
6747
  user_id: {
6686
6748
  label: "User"
6687
6749
  },
6688
- role_in_business_unit: {
6689
- label: "Role in Business Unit",
6750
+ function_in_business_unit: {
6751
+ label: "Function in Business Unit",
6690
6752
  help: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
6691
6753
  options: {
6692
6754
  member: "member",
@@ -8638,6 +8700,7 @@ var en = {
8638
8700
  nav_marketplace_installed: { label: "Installed Apps" },
8639
8701
  // People & Organization
8640
8702
  nav_users: { label: "Users" },
8703
+ nav_organization: { label: "Organization" },
8641
8704
  nav_business_units: { label: "Business Units" },
8642
8705
  nav_teams: { label: "Teams" },
8643
8706
  nav_organizations: { label: "Organizations" },
@@ -9431,8 +9494,8 @@ var zhCNObjects = {
9431
9494
  user_id: {
9432
9495
  label: "\u7528\u6237"
9433
9496
  },
9434
- role_in_business_unit: {
9435
- label: "\u4E1A\u52A1\u5355\u5143\u5185\u89D2\u8272",
9497
+ function_in_business_unit: {
9498
+ label: "\u4E1A\u52A1\u5355\u5143\u5185\u804C\u80FD",
9436
9499
  help: "`lead` \u8868\u793A\u65E5\u5E38\u8D1F\u8D23\u4EBA\uFF1B`deputy` \u53EF\u5728\u5BA1\u6279\u8DEF\u7531\u4E2D\u4EE3\u66FF\u8D1F\u8D23\u4EBA\u3002",
9437
9500
  options: {
9438
9501
  member: "\u6210\u5458",
@@ -11381,6 +11444,7 @@ var zhCN = {
11381
11444
  group_advanced: { label: "\u9AD8\u7EA7" },
11382
11445
  nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
11383
11446
  nav_users: { label: "\u7528\u6237" },
11447
+ nav_organization: { label: "\u7EC4\u7EC7" },
11384
11448
  nav_business_units: { label: "\u4E1A\u52A1\u5355\u5143" },
11385
11449
  nav_teams: { label: "\u56E2\u961F" },
11386
11450
  nav_organizations: { label: "\u7EC4\u7EC7" },
@@ -12140,8 +12204,8 @@ var jaJPObjects = {
12140
12204
  user_id: {
12141
12205
  label: "\u30E6\u30FC\u30B6\u30FC"
12142
12206
  },
12143
- role_in_business_unit: {
12144
- label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u30ED\u30FC\u30EB",
12207
+ function_in_business_unit: {
12208
+ label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u306E\u8077\u80FD",
12145
12209
  help: "`lead` \u306F\u65E5\u5E38\u306E\u8CAC\u4EFB\u8005\u3001`deputy` \u306F\u627F\u8A8D\u30EB\u30FC\u30C6\u30A3\u30F3\u30B0\u3067\u30EA\u30FC\u30C9\u306E\u4EE3\u7406\u3092\u52D9\u3081\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002",
12146
12210
  options: {
12147
12211
  member: "\u30E1\u30F3\u30D0\u30FC",
@@ -14089,6 +14153,7 @@ var jaJP = {
14089
14153
  group_advanced: { label: "\u8A73\u7D30" },
14090
14154
  nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
14091
14155
  nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
14156
+ nav_organization: { label: "\u7D44\u7E54" },
14092
14157
  nav_business_units: { label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8" },
14093
14158
  nav_teams: { label: "\u30C1\u30FC\u30E0" },
14094
14159
  nav_organizations: { label: "\u7D44\u7E54" },
@@ -14846,8 +14911,8 @@ var esESObjects = {
14846
14911
  user_id: {
14847
14912
  label: "Usuario"
14848
14913
  },
14849
- role_in_business_unit: {
14850
- label: "Rol en el departamento",
14914
+ function_in_business_unit: {
14915
+ label: "Funci\xF3n en la unidad de negocio",
14851
14916
  help: "`lead` es el responsable del d\xEDa a d\xEDa; `deputy` puede sustituir al responsable en el enrutamiento de aprobaciones.",
14852
14917
  options: {
14853
14918
  member: "Miembro",
@@ -16795,6 +16860,7 @@ var esES = {
16795
16860
  group_advanced: { label: "Avanzado" },
16796
16861
  nav_system_overview: { label: "Resumen del Sistema" },
16797
16862
  nav_users: { label: "Usuarios" },
16863
+ nav_organization: { label: "Organizaci\xF3n" },
16798
16864
  nav_business_units: { label: "Unidades de negocio" },
16799
16865
  nav_teams: { label: "Equipos" },
16800
16866
  nav_organizations: { label: "Organizaciones" },
@@ -17044,7 +17110,7 @@ var SysUserDetailPage = {
17044
17110
  },
17045
17111
  // ── Tabs: curated related lists ───────────────────────────────
17046
17112
  // Only the 4 lists that are semantically about THIS user account.
17047
- // Everything else (sys_role created_by, sys_email_template
17113
+ // Everything else (sys_position created_by, sys_email_template
17048
17114
  // updated_by, …) is incidental authorship metadata and would only
17049
17115
  // create noise.
17050
17116
  tabs: {
@@ -18564,10 +18630,6 @@ var enMetadataForms = {
18564
18630
  label: "Label",
18565
18631
  helpText: "Display label for admins"
18566
18632
  },
18567
- isProfile: {
18568
- label: "Is Profile",
18569
- helpText: "Profile = base set assigned to users. Permission Set = additive grant."
18570
- },
18571
18633
  systemPermissions: {
18572
18634
  label: "System Permissions",
18573
18635
  helpText: "List of system capability keys"
@@ -18623,10 +18685,6 @@ var enMetadataForms = {
18623
18685
  label: "Label",
18624
18686
  helpText: "Display label for admins"
18625
18687
  },
18626
- isProfile: {
18627
- label: "Is Profile",
18628
- helpText: "Profile = base set assigned to users. Permission Set = additive grant."
18629
- },
18630
18688
  systemPermissions: {
18631
18689
  label: "System Permissions",
18632
18690
  helpText: "List of system capability keys"
@@ -20202,10 +20260,6 @@ var zhCNMetadataForms = {
20202
20260
  label: "\u663E\u793A\u540D\u79F0",
20203
20261
  helpText: "\u9762\u5411\u7BA1\u7406\u5458\u7684\u663E\u793A\u6807\u7B7E"
20204
20262
  },
20205
- isProfile: {
20206
- label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
20207
- helpText: "\u52FE\u9009\u540E\u4F5C\u4E3A\u5B8C\u6574\u914D\u7F6E\u6587\u4EF6\uFF08\u800C\u975E\u9644\u52A0\u6743\u9650\u96C6\uFF09"
20208
- },
20209
20263
  systemPermissions: {
20210
20264
  label: "\u7CFB\u7EDF\u6743\u9650",
20211
20265
  helpText: "\u5E94\u7528\u8BBF\u95EE\u3001API\u3001\u7BA1\u7406\u64CD\u4F5C"
@@ -20261,10 +20315,6 @@ var zhCNMetadataForms = {
20261
20315
  label: "\u663E\u793A\u540D\u79F0",
20262
20316
  helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
20263
20317
  },
20264
- isProfile: {
20265
- label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
20266
- helpText: "\u914D\u7F6E\u6587\u4EF6 = \u5206\u914D\u7ED9\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002\u6743\u9650\u96C6 = \u9644\u52A0\u6388\u4E88\u3002"
20267
- },
20268
20318
  systemPermissions: {
20269
20319
  label: "\u7CFB\u7EDF\u6743\u9650",
20270
20320
  helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
@@ -21840,10 +21890,6 @@ var jaJPMetadataForms = {
21840
21890
  label: "\u8868\u793A\u540D",
21841
21891
  helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
21842
21892
  },
21843
- isProfile: {
21844
- label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
21845
- helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
21846
- },
21847
21893
  systemPermissions: {
21848
21894
  label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21849
21895
  helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
@@ -21899,10 +21945,6 @@ var jaJPMetadataForms = {
21899
21945
  label: "\u8868\u793A\u540D",
21900
21946
  helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
21901
21947
  },
21902
- isProfile: {
21903
- label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
21904
- helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
21905
- },
21906
21948
  systemPermissions: {
21907
21949
  label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21908
21950
  helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
@@ -23478,10 +23520,6 @@ var esESMetadataForms = {
23478
23520
  label: "Etiqueta",
23479
23521
  helpText: "Etiqueta mostrada para administradores"
23480
23522
  },
23481
- isProfile: {
23482
- label: "Es perfil",
23483
- helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
23484
- },
23485
23523
  systemPermissions: {
23486
23524
  label: "Permisos del sistema",
23487
23525
  helpText: "Lista de claves de capacidades del sistema"
@@ -23537,10 +23575,6 @@ var esESMetadataForms = {
23537
23575
  label: "Etiqueta",
23538
23576
  helpText: "Etiqueta mostrada para administradores"
23539
23577
  },
23540
- isProfile: {
23541
- label: "Es perfil",
23542
- helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
23543
- },
23544
23578
  systemPermissions: {
23545
23579
  label: "Permisos del sistema",
23546
23580
  helpText: "Lista de claves de capacidades del sistema"