Re: [keycloak-user] Viewing permissions

I think this is the best way to go .... In fact, this is exactly what we are pushing now with UMA 2.0 and support for asynchronous authorization. Suppose you have a "Request Access" button in case the user is not allowed to perform operation on a resource belonging to a different user. This button could be displayed based on a "test" authorization request to which you can also specify whether or not you want to start an authorization flow to get approval from resource owner. Regards. Pedro Igor On Tue, Mar 6, 2018 at 4:27 PM, Corentin Dupont <corentin.dupont(a)gmail.com > wrote: > Hi all, > I have a question around the representation and result of permissions. > Say I have an application that manages socks inventory. The UI is > displaying a button to delete socks. However, some user doesn't have the > right to delete socks! > So, I perform a request to Keycloak to get the permission. > It works well: if the user doesn't have permission, the message > "authorization denied" is displayed on the screen. > > However, it would be nicer to remove the "delete" button entirely. > My policies are quite complex and multi-dimensional: You can delete socks > if you are admin, but also if it belongs to you, you belong to some groups > etc. > So anticipating the reply to an authorization request can be very hard. > > What do you suggest? Should we perform a "test" authorization request > before display the "delete" button? > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >