Hi Dmitry,
Do you know if there is any way to retrieve the group context of a role?
My use case would be that I have multiple sport clubs (group) with
multiple teams (subgroup)
-club1
--team1_1
--team1_2
-club2
--team2_1
--team2_1
I have, for example, the role COACH, but of course this role only makes
sense in the context of the team.
As far as I understand Keycloak, this is currently not possible.
Kind Regards,
Max
On 10.07.18 at 14:58, Dmitry Telegin wrote:
Hi Vinay,
From my experience, I'd say that:
- roles are more likely to reflect a person's functions in the
organization;
- groups are more likely to reflect organizational structure.
For example, if there are offices and departments (like "NY Office",
"IT Department"), that would normally map to nested groups.
On the other hand, business functions would rather map to roles (like
"managers", "developers", "sysadmins" etc.)
There's also a number of technical differences:
- akin to nested groups, there are composite roles. However, the logic
is different: if you grant a composite role to a user, every child role
would be granted, too (which is not true for groups);
- you can assign a role to a group (not vice versa);
- by default, Keycloak adapters can restrict access based on roles
only. If you want to use groups for the same, you'll need to turn on
authorization services and create corresponding policies.
Could you please elaborate on your particular use case? If you describe
it briefly, I think we'll be able to decide what's better for you.
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Mon, 2018-07-09 at 12:39 -0400, Vinay wrote:
> What is the difference between Keycloak roles and user groups? Are they
> interchangeable, i.e. can we use roles instead of groups or vice versa
> to address a problem? Is it possible to have roles within roles, just
> like groups?
> Clear guidelines on how to use groups and roles will help.
>
> thanks
> /Vinay
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
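
An added illustration, not part of any message in this thread and not Keycloak code: a simplified Python model of the role and group behaviour described above (composite roles grant their children, roles can be mapped to groups, group membership does not flow down to subgroups), applied to the club/team layout. All group paths, mappings and role names other than COACH are constructed, and the upward inheritance of a parent group's role mappings is modelled as an assumption about Keycloak's group handling.

```python
# Simplified model of Keycloak role/group resolution. All data is constructed.
COMPOSITES = {"club-staff": {"COACH", "view-roster"}}  # composite -> child roles
GROUP_PARENT = {
    "/club1": None, "/club1/team1_1": "/club1", "/club1/team1_2": "/club1",
    "/club2": None, "/club2/team2_1": "/club2",
}
GROUP_ROLES = {"/club1": {"member"}, "/club1/team1_1": {"COACH"}}  # group -> mapped roles

def expand(roles):
    """Granting a composite role grants every child role, recursively."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(COMPOSITES.get(role, ()))
    return seen

def ancestors(path):
    """Yield the group and its parents; membership never flows down to subgroups."""
    while path is not None:
        yield path
        path = GROUP_PARENT[path]

def effective_roles(direct_roles, groups):
    """Flat role set, as a purely role-based access check would see it."""
    roles = set(direct_roles)
    for group in groups:
        for node in ancestors(group):
            roles |= GROUP_ROLES.get(node, set())
    return expand(roles)

def role_contexts(role, groups):
    """Groups whose mapping contributed `role`: the context the flat set drops."""
    return sorted({node for g in groups for node in ancestors(g)
                   if role in expand(GROUP_ROLES.get(node, set()))})

if __name__ == "__main__":
    memberships = ["/club1/team1_1", "/club2/team2_1"]
    print(effective_roles([], memberships))      # flat: COACH, but of which team?
    print(role_contexts("COACH", memberships))   # the group that carried COACH
```

In this model a user who belongs to two teams ends up with a single flat COACH role, which is why a role check alone cannot tell which team the role applies to.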