Ok. I understand. However, I would like to set the policy that allows a
certain user to access a resource upfront. For example, when a resource
owner decides to share a resource with someone by sending an email, she
wants to set the necessary policy at the same time (and not later on in
a separate approval step). This is what the User Management UI already
offers. But I would like to implement that functionality by API calls.

Best regards,
Stefan Wachter
INST-ICM/BSV-BS
Tel. +49(711)811-58477
BeQIK

On 18.07.2018 at 14:20, Pedro Igor Silva wrote:
> On Wed, Jul 18, 2018 at 5:43 AM, stefan.wachter
> <stefan.wachter(a)bosch-si.com <mailto:stefan.wachter@bosch-si.com>> wrote:
>
> > Hi,
> >
> > how can one set a user policy (i.e. a set of users) to a user managed
> > resource? Looking at the class
> > org.keycloak.representations.idm.authorization.UmaPermissionRepresentation
> > I do not see a field that could be used for specifying a set of
> > user ids.
>
> For users, the idea is that you would probably want to follow UMA
> flow. The idea behind this endpoint is to allow resource servers to
> define additional permissions (in addition to users as provided by UMA
> flow) and still allow users to revoke them.
>
> > public class UmaPermissionRepresentation extends AbstractPolicyRepresentation {
> >     private String id;
> >     private String description;
> >     private Set<String> roles;
> >     private Set<String> groups;
> >     private Set<String> clients;
> >     private String condition;
> >     ...
> > }
> >
> > public class AbstractPolicyRepresentation {
> >     private String id;
> >     private String name;
> >     private String description;
> >     private String type;
> >     private Set<String> policies;
> >     private Set<String> resources;
> >     private Set<String> scopes;
> >     private Logic logic = Logic.POSITIVE;
> >     private DecisionStrategy decisionStrategy = DecisionStrategy.UNANIMOUS;
> >     private String owner;
> >     ...
> > }
> >
> > BTW: Why does the derived UmaPermissionRepresentation class have an id
> > and description field of its own? I think these fields are inherited
> > from its base class AbstractPolicyRepresentation.
>
> Good point. Need to refactor this.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user