Hi,
since I got no response to my previous email and I can see some action
happening in the mailing list, I will try to forward my question and
explain it again.
* Can a user update their own custom attributes? I want to use custom
attributes to store data that would help in creating policies for
their permissions. From what I could understand from previous
discussions, it looks like users cannot, but it's not confirmed or
mentioned anywhere.
* Related to the question above, is there a defined structure/pattern
to define resource ownership in Keycloak, e.g. user-id "xx" is a
manager of resource-id "yy", user-id "aa" is a viewer of
resource-id "bb" and so on and so forth.
From my question last time, what are the best practices to map
roles to specific resources? For example if I have a role called as
shop_owner how do I map a user with that role to a specific shop
(for example). Is this something that Keycloak has defined
structures for? How can I achieve such a structure with Keycloak
and with/without using the Keycloak authorization/resource services.
Some help or push in the right direction would be helpful.
Regards,
Avinash
-------- Forwarded Message --------
Subject: regarding custom attributes and mapping resources to users
Date: Tue, 20 Dec 2016 16:14:03 +0545
From: Avinash Kundaliya <avinash(a)avinash.com.np>
To: keycloak-user(a)lists.jboss.org
Hello Community,
I am fairly new to using Keycloak and still getting immersed into the
authentication and authorization jargon. I have some basic queries that
I am curious about.
* Regarding the custom attributes for each user
(
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/us...).
Is this something that a user can edit for themselves or is
something for an administrator to manage custom content for the
user? Basically, as an administrator can I put information that
should be hidden from the user as a custom attribute?
* My second question is more about architecture of applications with
authentication and authorization. What are the best practices to map
roles to specific resources? For example if I have a role called as
shop_owner how do I map a user with that role to a specific shop
(for example). Is this something that Keycloak has defined
structures for? How can I achieve such a structure with Keycloak
and with/without using the Keycloak authorization/resource services.
Looking forward to some constructive discussions and some answers to the
basic issues I have.
Regards,
Avinash