[keycloak-user] Fwd: Multi-tiered Permissions

Warren, Scott swarren at sumglobal.com
Fri Dec 28 19:01:39 EST 2018


Yeah, I made my original example very simple as I was trying to point out
the multi-tiered permission issue rather than getting bogged down in the
myriad of scopes. Users can have 1-to-many scopes across several stores.
It's not as simple as "if primary store grant this scope set, else grant
that scope set". Life would be a lot easier if it was :)
It sounds like a CIP service accessing an external DB is the 'correct'
answer for this scenario. I see no other clean way to tie
users->stores->scopes.
Thanks for your help!

