[keycloak-user] Authorization services: Trying to model authz for a typical application.

Ushanas Shastri ushanas.shastri at viteos.com
Thu Aug 11 11:53:44 EDT 2016 

Classification: INTERNAL
Hello,

We've trying to model them as Client Roles, as these roles are not realm level, and can change for each client.

Regards, Ushanas.
Viteos Fund Services Ltd | www.viteos.com
Direct : +91-22-61082230 | US : +1- 888-821-7561 extn 240
Cell : +91-9820225580
Email : ushanas.shastri at viteos.com

-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com] 
Sent: Thursday, August 11, 2016 9:22 PM
To: Ushanas Shastri
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Authorization services: Trying to model authz for a typical application.

----- Original Message -----
> From: "Ushanas Shastri" <ushanas.shastri at viteos.com>
> To: keycloak-user at lists.jboss.org
> Sent: Thursday, August 11, 2016 4:33:19 AM
> Subject: Re: [keycloak-user] Authorization services: Trying to model authz for a typical application.

> 
> User A can view applications across all Zones, but approve or reject 
> applications only if they are from Zone A.
> 
> User B can only view applications from Zone B, and cannot do anything else.
> 
> User C can do all actions for all Zones.
> 

Do they represent roles in your application ? For instance, User A would be a "manager" role and User C an "administrator" role ?
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Viteos Capital Market Services Ltd.and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity

More information about the keycloak-user mailing list