[keycloak-user] Fwd: Multi-tiered Permissions

[Warren, Scott]

Jumped the gun on that last response:
1. I can configure the policy enforcer with claim-information-point to
extract information from the request
2. Assuming I'm correct in that this information is not easily stored in
Keycloak, I need to set up an external Claim Information Point (CIP) either
as an HTTP service or by implementing the CIP SPI.

This seems like the most elegant path, though I really didn't want to
create a separate app and DB to maintain this data.

Any thoughts?