Hi,
We're looking into Keycloak Authorization services, but currently, we can't
get our heads around configuring in Keycloak a policy the following
authorization requirement:
Suppose we have a corporate Google-docs-like app, where every document has
a clearance level (e.g. confidential, internal, public). Every user has its
own permission level, which indicates whether the user is allowed to access
confidential, internal or public documents.
Could you please advise as to how to implement such requirements into
Keycloak Authorization services?
Assuming this isn't currently supported, a simple solution seems to be
implementing the ability to set resource attributes and make them available
to policy construction. Would you be considering implementing such approach
(or any other)?
Best regards,
Thiago Presa