Re: [keycloak-user] RPT can not be issued to resource owner
Agree. However, if a resource owner does not have enough grants by
default then the approval mechanism should kick in. This is at least
what the response error "request_submitted" indicates.
Best regards,
*Stefan Wachter
INST-ICM/BSV-BS*
Tel. +49(711)811-58477
*Be**QIK
*
Am 18.07.2018 um 14:11 schrieb Pedro Igor Silva:
The owner of a resource does not grants necessarily access to the
resource. So, yeah, you need some policy to actually define who can
access (the owner) the resource. I'm not sure if makes sense to owners
approve requests to access their resources though.
On Wed, Jul 18, 2018 at 6:30 AM, stefan.wachter
<stefan.wachter(a)bosch-si.com <mailto:stefan.wachter@bosch-si.com>> wrote:
As a work-around I added a policy that authorizes resource owners:
if ($evaluation.getContext().getIdentity().getId() ==
$evaluation.getPermission().getResource().getOwner())
$evaluation.grant()
and a permission that uses that policy.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>