[keycloak-dev] modeling map role fine grain permissions
bburke at redhat.com
Wed Apr 5 17:18:21 EDT 2017
Yeah, maybe that wouldn't work. How would you say something like:
This admin can manage users that belong to this group and can only
assign roles A, B, and C to members in that group.
On 4/4/17 11:41 AM, Pedro Igor Silva wrote:
> Didn't get the part below.
> Also, I'm curious to check how are you enforcing these permissions.
> Could you link the branch you have this implemented ?
> On Mon, Apr 3, 2017 at 11:58 AM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
> MORE FINE GRAIN PERMISSIONS
> We also want to solve the case of allowing an admin to be able to map
> specific roles for members of a specific group. To do this we'll add
> another policy type called "Has Permission". Here you'll be able to
> link a permission to a policy. So, to solve the use case for specific
> roles for members of a specific group, we can edit the "map-role"
> permission for a specific role and add a "Has Permission" that
> links to
> the permission that the admin has "manage-users" scope for a specific
> group. Hope I'm making sense on this one.
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
More information about the keycloak-dev