[keycloak-user] group membership policy was: How to implement this using Keycloak
Milan Simonovic
amavisto at gmail.com
Sun Sep 2 17:04:44 EDT 2018
Hi all,
there was a post in 2016 that kind of describes my problem: http://lists.jboss.org/pipermail/keycloak-user/2016-July/007069.html unfortunately without any concrete pointers or examples.
To paraphrase:
there’s a protected resource called Project,
and an owner, a Project Manager. Each project manager has access to only their own projects (owner-only policy).
Project Managers in turn report to one or more Portfolio Managers. A Portfolio Manager should be able to access all his/her project manager's projects (portfolio-manager policy).
Let’s assume the system design is flexible and this fact, who are the Portfolio Managers for a particular Project Manager, can be either kept inside Keycloak or in the client app itself. How can this be implemented as a JavaScript authorization policy in Keycloak? I guess the request can be injected with this info somehow but can’t figure it out from the docs.
regards,
Milan
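
The two rules described in the message above, sketched as one JavaScript policy body (an added example, not part of the original post and not Keycloak project code). It assumes the reporting relation is kept inside Keycloak and reaches the policy as a multivalued identity attribute; the claim name `managed_pm_ids` and the helpers `mockEvaluation` and `decide` are hypothetical and constructed so the logic runs offline.

```javascript
// ASSUMPTION: hypothetical claim listing the user ids of the project
// managers who report to the calling portfolio manager.
const MANAGED_CLAIM = 'managed_pm_ids';

// In Keycloak the body of this function would be the policy script itself,
// with $evaluation supplied by the policy engine.
function portfolioPolicy($evaluation) {
  const identity = $evaluation.getContext().getIdentity();
  const resource = $evaluation.getPermission().getResource();
  if (!resource) return;                  // no resource: nothing to grant on
  const owner = resource.getOwner();
  // owner-only rule: a project manager reaches their own projects
  if (owner === identity.getId()) { $evaluation.grant(); return; }
  // portfolio-manager rule: the project's owner must be in the caller's list
  const managed = identity.getAttributes().getValue(MANAGED_CLAIM);
  if (!managed) return;                   // claim absent: never granted
  for (let i = 0; i < managed.size(); i++) {
    if (managed.asString(i) === owner) { $evaluation.grant(); return; }
  }
}

// Constructed stand-in for the $evaluation object, exposing only the
// calls the policy uses.
function mockEvaluation(userId, claims, ownerId) {
  const state = { granted: false };
  const entry = (vals) => vals && { size: () => vals.length, asString: (i) => vals[i] };
  return {
    state,
    grant: () => { state.granted = true; },
    getContext: () => ({ getIdentity: () => ({
      getId: () => userId,
      getAttributes: () => ({ getValue: (name) => entry(claims[name]) || null }),
    }) }),
    getPermission: () => ({ getResource: () => ({ getOwner: () => ownerId }) }),
  };
}

// Runs the policy for one caller/project pair and reports the decision.
function decide(userId, claims, ownerId) {
  const ev = mockEvaluation(userId, claims, ownerId);
  portfolioPolicy(ev);
  return ev.state.granted;
}
```

The list of managed project managers has to come from an attribute that users cannot edit on their own account; otherwise a user could add any project manager to their own list.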