Re: [keycloak-user] Group policy for authorization.

Hi R, you can use a Group Mapper to add the group to the access token and then create a JavaScript Policy that checks the group membership. E.g. when using 'group' as 'Token Claim Name' property of the group mapper var identity = $evaluation.getContext().getIdentity(); var attributes = identity.getAttributes(); var n = attributes.getValue('group').size(); for (i = 0; i < n; i++) { var group = attributes.getValue('group').asString(i); if (group == "name of group needed to acces the resource") { $evaluation.grant(); } } Regards Bettina -----Ursprüngliche Nachricht----- Von: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] Im Auftrag von rafterjiang Gesendet: Dienstag, 13. Juni 2017 19:42 An: keycloak-user(a)lists.jboss.org Betreff: [keycloak-user] Group policy for authorization. Hello, Is there a *group policy *that we can use for authorization? This way we can simply add new user to the group that we have created and the user can automatically gain access to the resource. Right now we have to create policy for every single new user and assign to the resource. Thanks, R -- View this message in context: http://keycloak-user.88327.x6.nabble.com/Group-policy-for-authorization-t... Sent from the keycloak-user mailing list archive at Nabble.com. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user