Best regards,
*Stefan Wachter
INST-ICM/BSV-BS*
Tel. +49(711)811-58477
*BeQIK*
On 18.07.2018 at 16:10, Pedro Igor Silva wrote:
Could you file a JIRA for this, please? Let's see what
others think
about it ...
Thanks.
On Wed, Jul 18, 2018 at 9:53 AM, stefan.wachter
<stefan.wachter(a)bosch-si.com> wrote:
Agree. However, if a resource owner does not have enough grants by
default then the approval mechanism should kick in. This is at
least what the response error "request_submitted" indicates.
Best regards,
*Stefan Wachter
INST-ICM/BSV-BS*
Tel. +49(711)811-58477
*BeQIK*
On 18.07.2018 at 14:11, Pedro Igor Silva wrote:
> The owner of a resource does not necessarily grant access to the
> resource. So, yeah, you need some policy to actually define who
> can access (the owner) the resource. I'm not sure if it makes sense
> for owners to approve requests to access their resources though.
>
> On Wed, Jul 18, 2018 at 6:30 AM, stefan.wachter
> <stefan.wachter(a)bosch-si.com> wrote:
>
> As a work-around I added a policy that authorizes resource
> owners:
>
>     // Grant only when the requesting identity is the resource owner.
>     if ($evaluation.getContext().getIdentity().getId() ==
>             $evaluation.getPermission().getResource().getOwner()) {
>         $evaluation.grant();
>     }
>
> and a permission that uses that policy.
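
The owner-only workaround policy quoted above, run under Node.js against stub objects. This is an added example, not code from the thread or from Keycloak. The `makeEvaluation` stub, the `decide` helper and the sample ids are constructed; it assumes a permission may carry no resource and that an evaluation that is never granted counts as denied.

```javascript
// Stub of the `$evaluation` object a Keycloak JavaScript policy receives.
// Only the methods used in the thread are modelled; the rest is hypothetical.
function makeEvaluation(identityId, resource) {
  const state = { effect: "DENY" }; // assumption: not granted means denied
  return {
    getContext: () => ({ getIdentity: () => ({ getId: () => identityId }) }),
    getPermission: () => ({ getResource: () => resource }),
    grant: () => { state.effect = "PERMIT"; },
    deny: () => { state.effect = "DENY"; },
    effect: () => state.effect,
  };
}

// The workaround policy with two guards added: a permission without a
// resource, and a missing owner or identity id, are both left denied.
// Without the second guard, `null == null` would evaluate to a grant.
function ownerOnlyPolicy($evaluation) {
  var identityId = $evaluation.getContext().getIdentity().getId();
  var resource = $evaluation.getPermission().getResource();
  if (resource === null || resource === undefined) {
    return; // nothing to compare against, stay denied
  }
  var owner = resource.getOwner();
  if (owner && identityId && String(owner) === String(identityId)) {
    $evaluation.grant();
  }
}

// Run the policy against one constructed request and return the outcome.
function decide(identityId, resource) {
  const evaluation = makeEvaluation(identityId, resource);
  ownerOnlyPolicy(evaluation);
  return evaluation.effect();
}

// Constructed sample data: a resource owned by "user-alice".
const aliceDoc = { getOwner: () => "user-alice" };
const ownerless = { getOwner: () => null };
console.log("owner:", decide("user-alice", aliceDoc));
console.log("other user:", decide("user-bob", aliceDoc));
console.log("no resource:", decide("user-alice", null));
console.log("no owner, no identity:", decide(null, ownerless));
```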