[keycloak-dev] Group Based Policy
Pedro Igor Silva
psilva at redhat.com
Tue Jun 6 14:37:38 EDT 2017
Hi All,
I'm adding a Group Based Policy to our set of supported policies.
Basically, this policy allows you to define the group(s) you want to give
access to some resource or scope.
Would like to share my initial scope with you and see if you guys have
anything else to add:
* Users can select one or more groups
* Users can define groups using paths (e.g.: /Group A/Group B/*, /Group A,
/Group A/Group B)
* Users can decide whether or not access is granted if the identity is a
member of all or any of the selected groups
* Users can decide whether or not access extends to sub-groups of a parent
group
Please, let me know your thoughts.
Regards.
Pedro Igor
More information about the keycloak-dev
mailing list