What is the "source" field on type AclEntry for?


It’s of type string but there is no further documentation or explanation available.


From the Access Control in-depth documentation:

The member field indicates who is being authorized to read, update, or remove the object instance. This can either be User or Role. The canUpdate, canRemove and canModifyAcl fields indicate the action being authorized. There is no need for a canRead field since the existence of an Acl entry implicitly authorizes read access. Also, there is no need for a canCreate field since Acl entries are relevant only for objects that already exist. The source field will be a text value indicating whether the Acl entry was manually entered, automatically generated, or some other value indicating how the entry was created.

This should also be documented in the type, I will add it.