Introduce a way to represent "all entitlements"

[SupunS]

Issue to be solved

Need a way to represent "all entitlements", e.g: something authorized to have the same access as owner-access has.

Refer to the discussion here: #2588 (comment)

Suggested Solution

No response

[turbolent]

Let's see if the edge-case for which this was proposed is actually encountered in the real-world, it might not be necessary at all.

[dsainati1]

I am against adding any kind of owner entitlement. It would introduce a huge footgun into the language by allowing users to accidentally hand out more authority/permission than they had intended to. The current design forces users to explicitly list out all the entitlements/permissions they are intending to provide, this would allow users to bypass this easily. Indeed this would make the anti-pattern easier and more convenient than the correct pattern.

Additionally I think the use case presented in #2588 (comment) is an edge case that is not worth introducing such a large change into the language to solve it. We are expecting a very small portion of users to actually use entitlement mappings, and even smaller portion of those to use mappings that include the identity. This use case only comes up when someone uses both these features on a field with an AnyStruct or AnyResource type, and as such should be vanishingly rare. I agree we can reconsider this if people start complaining, but I would do so with a lot of caution.