[keycloak-user] End user sharing of his resource removes permission to his resource

Geoffrey Cleaves geoff at opticks.io
Fri Nov 16 09:14:01 EST 2018 

Hi Pedro,

I appreciate your efforts on this. I imported your JSON config into a new
client and have the same exact problem. I've updated the ticket with a
screen shot. By default, Alice has album:view and album:edit rights to her
Book. But once she give my user the album:view right, she looses that right.

Regards,
Geoffrey Cleaves







On Thu, 15 Nov 2018 at 22:38, Pedro Igor Silva <psilva at redhat.com> wrote:

> Hi Geoffrey,
>
> I could not reproduce this in 4.6.0.Final. If that video is still valid,
> the report from the evaluation tool should not show the
> "user-managed-permission" if you are running using the resource owner. That
> is weird.
>
> In any case, I've attached to that JIRA the settings I used(and similar to
> what we have in tests) to try to reproduce the issue.
>
> Regards.
> Pedro Igor
>
> On Thu, Nov 15, 2018 at 12:46 PM Geoffrey Cleaves <geoff at opticks.io>
> wrote:
>
>> I still have this issue in 4.6.0.Final
>>
>> Regards,
>> Geoffrey Cleaves
>>
>>
>>
>>
>>
>>
>>
>> On Mon, 12 Nov 2018 at 13:34, Pedro Igor Silva <psilva at redhat.com> wrote:
>>
>>> Hi,
>>>
>>> It should be fixed by https://issues.jboss.org/browse/KEYCLOAK-8445.
>>> Fix will be available in the next release.
>>>
>>> Regards.
>>> Pedro Igor
>>>
>>> On Mon, Nov 12, 2018 at 10:23 AM Geoffrey Cleaves <geoff at opticks.io>
>>> wrote:
>>>
>>>> I'm experiencing unexpected results and believe there is a bug. I am
>>>> losing
>>>> permissions to my resource after sharing my resource with another user.
>>>>
>>>> Resource owner rs1 has read and edit rights to his resource1 through a
>>>> JS
>>>> policy and permission which grants the resource owner the rights.
>>>>
>>>> If rs1 uses the My resources screen to grant another user, rs2, the read
>>>> scope to resource1, rs1 looses the right to the read scope.
>>>>
>>>> Please see JIRA https://issues.jboss.org/browse/KEYCLOAK-8794 and the
>>>> screen cast within the JIRA.
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>

More information about the keycloak-user mailing list