Re: [keycloak-dev] modeling map role fine grain permissions
Yeah, maybe that wouldn't work. How would you say something like:
This admin can manage users that belong to this group and can only
assign roles A, B, and C to members in that group.
On 4/4/17 11:41 AM, Pedro Igor Silva wrote:
Didn't get the part below.
Also, I'm curious to check how are you enforcing these permissions.
Could you link the branch you have this implemented ?
On Mon, Apr 3, 2017 at 11:58 AM, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
MORE FINE GRAIN PERMISSIONS
We also want to solve the case of allowing an admin to be able to map
specific roles for members of a specific group. To do this we'll add
another policy type called "Has Permission". Here you'll be able to
link a permission to a policy. So, to solve the use case for specific
roles for members of a specific group, we can edit the "map-role"
permission for a specific role and add a "Has Permission" that
links to
the permission that the admin has "manage-users" scope for a specific
group. Hope I'm making sense on this one.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<https://lists.jboss.org/mailman/listinfo/keycloak-dev>