[keycloak-user] Delegating sharing responsibilities for UMA resources?
Pedro Igor Silva
psilva at redhat.com
Mon Nov 5 13:01:20 EST 2018
Currently, you can not set groups as resource owners. However we have a
User-Managed Policy API that can be used for what you are looking for.
Please, take a look at this doc [1].
It supports not only group policies, but user, role and more complex
policies using JS.
[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_authorization_uma_policy_api
On Mon, Nov 5, 2018 at 2:24 PM Ulrik Sjölin <ulrik.sjolin at gmail.com> wrote:
> Hello,
>
> I find the request-response mechanism of UMA very interesting and
> think it would
> be very useful where I work. But I have not found a way to scale it…
>
> Is it possible for a resource owner to delegate the responsibilities
> for sharing
> resources to other users? Consider a large organisation that owns a
> large set or
> resources and has a large number of users. The organisation wants to
> have a group
> of admins to handle answering the requests that comes in from the users
> asking
> for access to different resources.
>
> What is the best-practice way for handling a use case like this?
> Is it possible to assign a group as resource owner?
>
> Best Regards,
>
> Ulrik Sjölin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list