Re: [keycloak-user] How to implement access to resources based on resource roles

Hi Pedro, Thanks a lot for your answer. I will have a look at the three things you are suggesting: groups, resource types and pushing claims. At the moment I'm having a deeper look at the Policy Enforcer documentation. I consider that I read that part of the documentation and did not get it right. As you suggest, pushing claims can simplify my policies. I had a look at the app-authz-rest-employee[1] and app-authz-rest-springboot[2] examples. I already have some ideas about it after going through them. I will post an update after trying a little more. Just one last question: in the first post I asked if using one client per organisation would be a good idea or not. Has anybody some advice about this? I don't know if I'm using the client to do something it's not supposed to do. Thanks again, Alfonso -------- [1] https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-re... [2] https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-re... Alfonso Alba García wrote: