You can create a scope-based permission for a specific scope (without setting a
resource). Would that help?
I think we could also think about merging resource-based permission into
scope-based permission so that we only have a single type of permission.
Regards.
Pedro Igor
On Fri, Jun 7, 2019 at 6:09 PM Farzad Panahi <farzad.panahi(a)gmail.com>
wrote:
Hi,
I have a client authorization set-up like the following:
RESOURCE_1: [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA
RESOURCE_2: [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA
RESOURCE_3: [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA
USER_1: USER_GROUP_A
USER_2: USER_GROUP_A
USER_GROUP_A_POLICY: GRANT ACCESS TO USER_GROUP_A
I want to create permissions to give only SCOPE_READ access (not
SCOPE_WRITE access) to USER_GROUP_A for RESOURCE_TYPE_ALPHA.
If I create a resource-based permission then it will grant access to
both scopes.
Unfortunately I cannot create a scope based permission because scope
permission does not support resource type. It only supports resource. If I
want to use scope-based permission then I have to create permission for
every single resource in my resource type.
I was wondering if there is a reason that scope based permission does not
support resource type?
Also, does anyone have any idea how I can achieve my requirement given the
limitations that we have? Is there a way to create a policy that grants
access only to a certain scope?
Cheers
Farzad
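Added example, not part of the original thread and not Keycloak's own code: the two permission kinds discussed above, sketched as the `policies` array of a Keycloak authorization settings export. The permission names and the group path are constructed, and the field layout is an assumption based on that export format, so compare it with an export from your own server before importing anything.

```json
{
  "policies": [
    {
      "name": "USER_GROUP_A_POLICY",
      "description": "Constructed example: grants to members of /USER_GROUP_A",
      "type": "group",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "groups": "[{\"path\":\"/USER_GROUP_A\",\"extendChildren\":false}]"
      }
    },
    {
      "name": "ALPHA_TYPE_PERMISSION",
      "description": "Resource-based, by type: covers every scope of RESOURCE_TYPE_ALPHA resources",
      "type": "resource",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "defaultResourceType": "RESOURCE_TYPE_ALPHA",
        "applyPolicies": "[\"USER_GROUP_A_POLICY\"]"
      }
    },
    {
      "name": "READ_ONLY_PERMISSION",
      "description": "Scope-based, no resource set: covers SCOPE_READ only",
      "type": "scope",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "scopes": "[\"SCOPE_READ\"]",
        "applyPolicies": "[\"USER_GROUP_A_POLICY\"]"
      }
    }
  ]
}
```

READ_ONLY_PERMISSION names no resource or resource type, so it follows SCOPE_READ wherever that scope is used rather than being limited to RESOURCE_TYPE_ALPHA. Keeping ALPHA_TYPE_PERMISSION for the same group would still grant both scopes, as the original post describes.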