Re: [keycloak-dev] Introduce role attributes
I don't think we should add attributes to roles. It would introduce
complexity and also potentially have performance/memory impacts.
I also struggle to see how you would use attributes associated with roles.
Are you thinking that would be mapped into the token together with the role
name?
On Tue, 3 Jul 2018 at 07:37, Lösch, Sebastian <
Sebastian.Loesch(a)governikus.de> wrote:
Hi developers,
we are currently setting up a project using keycloak and need to model:
- representative roles, i.e. roles that are given temporarily from one
user to another e.g. in holiday times
- roles contain entitlements on business objects
The current role object in keycloak is not sufficent for our use cases.
Searching for a solution I stumbled over
https://issues.jboss.org/browse/KEYCLOAK-961
Introducing role attributes would solve my challenges. Also this fits well
in the keycloak data model, as there are already user attributes, group
attributes, realm attributes.
So I would like to add role attributes to keycloak in the style of group
attributes.
What do you think?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev