[keycloak-dev] roles vs. groups
Bill Burke
bburke at redhat.com
Thu Nov 5 08:43:25 EST 2015
On 11/4/2015 9:36 AM, Pedro Igor Silva wrote:
>> There really is no equivalent in Java EE for leveraging a
>> User/Role/Group relationship. We'd have to add it to our adapters.
>> Isn't "users of Group A have the manager role" enough?
>
> For most cases yes. But if you want to be more flexible you can support that as well. IIRC, Hawkular wants group role. And it might be useful for others as well.
>
Doesn't User/Role/Group start to overlap with what you're doing? I
thought Hawkular wanted a permission model so that you could assign
permissions to resources based on group membership. If I added a
user/role/group relationship mapping, wouldn't people start using that
to implement similar permission model to what you are doing?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list