[keycloak-dev] [authz] Roles as first class citizens

Bill Burke bburke at redhat.com
Sat Apr 1 09:11:36 EDT 2017

I find creating role policies as cumbersome.  Also, how is the admin 
supposed to know if a policy with a specific role has already been 
created or not?  Maybe policies can have DENY and PERMIT role lists.  
when creating permissions you can just pick roles to add/remove to the 
permission.  I think the most used, most common case (90% of the time?) 
will be assigning role permissions to resources so we should make it as 
easy as possible.  Both within the admin UI and APIs.  Thoughts?


More information about the keycloak-dev mailing list