Re: [keycloak-user] shared UMA 2.0 resource & scope based policies
On Wednesday, 16 January 2019 19:38:45 HKT Pedro Igor Silva wrote:
Here it is.
Thanks! The difference between your evaluation test and mine appears to be
that you tested the shared scope.
To summarize:
a) Alice does allow Bob to perform album:view.
b) Alice does not allow Bob to perform album:modify.
When Bob tries to access album:view I'd expect PERMIT whereas when
album:modify is attempted DENY should be the result. Do we agree ?
I attached screenshots for both evaluation attempts. Both (view and modify)
yield PERMIT. That should not be the case or am I missing something ?
Regards,
Marek
Attachments:
- signature.asc (application/pgp-signature — 488 bytes)
- bob_album_view.png (image/png — 39.8 KB)
- bob_album_modify.png (image/png — 37.2 KB)
