[keycloak-user] Share resource by checking if some other user is in a certain group

Tuesday, 13 February 2018

 Hello,

After some time of using keycloak which works great for most of my demands,
I wanted to know if it's possible to create a permission with a policy that
will tell me if some user (not the one which is logged in) is within a
certain group.

For example:

User 1 have a digital wallet.
This digital wallet have a resource:
name: /wallet/{wallet-id}
uri: /{user-1-id}/wallet/{wallet-id}
scopes: charge/read/...

User 2 have a company which is represented as a group

User 2 wants to charge user 1 digital wallet but I want him to only be able
to do so when user 1 is inside user 2 company's group

How can I check this with a policy?
Or somehow share user 1 resource with user 2 by a policy?

Thanks!

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[keycloak-user] Share resource by checking if some other user is in a certain group