[keycloak-user] How to get permission to all child resources

Nhut Thai Le ntle at castortech.com
Sun Mar 4 11:09:43 EST 2018


Hello,

We are new to Keycloak and we are exploring its abilities for securing our
web API. One thing we are trying to do is to get all permissions
associated with a user for all child resources in an RPT. For example, let's
say I'm trying to expose the folder Document on my file system to the
network via REST. This Document folder may have millions of files and
subfolders; most of them are accessible by all Users, some are only
available to Admin, and some are for Customers only.

On the Keycloak server, I would define 3 resources named:
"All Docs" with URL /Document/* and Role policy granting access to all Users
"For Admin" with URL /Document/Administration/* and Role policy granting
access to only Admins
"For Customer" with URL /Document/Products/* and Role policy granting
access to only Customers

If I use the entitlement API, I can ask if Sarah, who is a Users and a
Customers, can access "All Docs". However, if Sarah wants to know/list all
files under /Document/Administration/Contracts/Sarah/* then how should I
ask the entitlement API, since this URL is not declared as a resource in
Keycloak? If I can call the API for this path, I would like to receive from
the API some permissions info starting from /Document/Administration
because this is the closest ancestor known to Keycloak regarding the path
being asked.

Hope to get some insight soon.

Thai


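Added example (not part of the original post and not Keycloak code): a resource server can resolve a requested path to the closest declared ancestor resource itself and then ask about that resource by name. The code assumes the three resources from the post, an already URL-decoded path, and a hypothetical local role check standing in for Keycloak's policy evaluation; paths are normalized first so ".." segments cannot steer the lookup to a less restrictive resource.

```python
import posixpath

# Constructed from the post: (resource name, URL pattern, role its policy grants).
RESOURCES = [
    ("All Docs", "/Document/*", "Users"),
    ("For Admin", "/Document/Administration/*", "Admins"),
    ("For Customer", "/Document/Products/*", "Customers"),
]


def normalize(path):
    """Collapse '.', '..' and repeated slashes so matching sees the real target."""
    return posixpath.normpath("/" + path.lstrip("/"))


def ancestors(path, resources=RESOURCES):
    """Return declared resources covering `path`, most specific first."""
    target = normalize(path)
    hits = []
    for name, pattern, role in resources:
        prefix = pattern[:-2] if pattern.endswith("/*") else pattern
        # Match on whole path segments: /Document/AdministrationNotes must not
        # be treated as a child of /Document/Administration.
        if target == prefix or target.startswith(prefix + "/"):
            hits.append((len(prefix), name, role))
    return [(name, role) for _, name, role in sorted(hits, reverse=True)]


def closest_resource(path):
    """Name of the closest declared ancestor, or None if nothing covers the path."""
    hits = ancestors(path)
    return hits[0][0] if hits else None


def allowed(path, user_roles):
    """Hypothetical stand-in for policy evaluation: the closest ancestor decides."""
    hits = ancestors(path)
    return bool(hits) and hits[0][1] in user_roles


if __name__ == "__main__":
    sarah = {"Users", "Customers"}
    asked = "/Document/Administration/Contracts/Sarah/*"
    print(closest_resource(asked), allowed(asked, sarah))
```

The name returned by closest_resource is what would be put in the permission request; a path that matches no declared resource returns None and should be denied.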