[keycloak-dev] modeling map role fine grain permissions

Bill Burke bburke at redhat.com
Wed Apr 5 17:18:21 EDT 2017


Yeah, maybe that wouldn't work.  How would you say something like:

This admin can manage users that belong to this group and can only 
assign roles A, B, and C to members in that group.


On 4/4/17 11:41 AM, Pedro Igor Silva wrote:
> Didn't get the part below.
>
> Also, I'm curious to check how you are enforcing these permissions. 
> Could you link the branch where you have this implemented?
>
> On Mon, Apr 3, 2017 at 11:58 AM, Bill Burke <bburke at redhat.com> wrote:
>
>
>     MORE FINE GRAIN PERMISSIONS
>
>     We also want to solve the case of allowing an admin to be able to map
>     specific roles for members of a specific group.  To do this we'll add
>     another policy type called "Has Permission".  Here you'll be able to
>     link a permission to a policy.  So, to solve the use case for specific
>     roles for members of a specific group, we can edit the "map-role"
>     permission for a specific role and add a "Has Permission" that links
>     to the permission that the admin has "manage-users" scope for a
>     specific group.  Hope I'm making sense on this one.
>
>
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
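
A toy model of the "Has Permission" linking described in the quoted proposal, applied to the use case from the reply (an admin who manages one group and may assign only roles A, B, and C to its members). This is an added example, not Keycloak code and not code from anyone in the thread; the classes, the deny-when-empty and all-policies-must-grant rules, the target-group check, and the names alice, bob, sales and engineering are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

@dataclass(frozen=True)
class Ctx:
    admin: str                      # who is performing the operation
    target_groups: FrozenSet[str]   # groups of the user being modified

Policy = Callable[[Ctx], bool]

@dataclass
class Permission:
    name: str
    policies: List[Policy]

    def granted(self, ctx: Ctx) -> bool:
        # Assumption: deny when no policy is attached; all policies must agree.
        return bool(self.policies) and all(p(ctx) for p in self.policies)

def user_is(*admins: str) -> Policy:
    return lambda ctx: ctx.admin in admins

def target_in_group(group: str) -> Policy:
    return lambda ctx: group in ctx.target_groups

def has_permission(linked: Permission) -> Policy:
    # The proposed policy type: grants only if the linked permission grants.
    return lambda ctx: linked.granted(ctx)

# Constructed sample data: alice holds manage-users for the group "sales".
manage_sales = Permission("manage-users:sales",
                          [user_is("alice"), target_in_group("sales")])

# map-role permissions for A, B, C each link to the group permission.
map_role = {r: Permission(f"map-role:{r}", [has_permission(manage_sales)])
            for r in ("A", "B", "C")}
map_role["D"] = Permission("map-role:D", [])  # no policy attached

def can_map_role(admin: str, role: str, target_groups) -> bool:
    perm = map_role.get(role)
    return perm is not None and perm.granted(Ctx(admin, frozenset(target_groups)))

if __name__ == "__main__":
    for case in [("alice", "A", {"sales"}), ("alice", "D", {"sales"}),
                 ("alice", "A", {"engineering"}), ("bob", "A", {"sales"})]:
        print(case, can_map_role(*case))
```

In this model the linked permission is evaluated with the same admin and target user as the map-role request, which is what ties the role restriction to group membership.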


