Hi everyone,
I need to create a fine-grained permissions system for backend resources
using Keycloak and am looking for potential solutions to the problem.
I've already checked the resource management feature
<http://www.keycloak.org/docs/3.3/authorization_services/topics/resource/o...>,
but it doesn't work for me for multiple reasons and has very limited
integration in Java, so I don't consider it anymore.
So another solution I came up with is having a permission system based on
roles and composite roles
<http://www.keycloak.org/docs/3.3/server_admin/topics/roles/composite.html>.
[role-name] (composite)
- tenants:[permission] (composite)
- tenants:[tenant-identifier]:[permission] (composite)
- tenants:[tenant-identifier]:[tenant-resource]:[permission] (composite)
- tenants:[tenant-identifier]:[tenant-resource]:[tenant-resource-identifier]:[permission] (non-composite)
Permissions can be like create/read/update/delete, and the plus of this is
that it can scale if we have sub-resources. On the backend, I'll be able
to create filters for these permissions and integrate them with Spring
Security.
I'm looking for opinions and would like to know if this is a valid
structure or if there are other solutions which can be used. Any opinions
on this?
Regards,
Yuriy
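
The role layout described in the post, as an added example that is not part of the original message: a plain-Java check (no Spring or Keycloak classes) that a set of granted role names covers a request. It assumes a role granted at a broader level covers everything beneath it; the class name, method names and sample roles are hypothetical.

```java
import java.util.List;
import java.util.Set;

public class TenantRoleCheck {

    // Role names that would authorize the request, broadest scope first.
    // Assumption: a role granted at a broader level covers everything below it.
    static List<String> coveringRoles(String tenant, String resource,
                                      String resourceId, String permission) {
        for (String segment : new String[] {tenant, resource, resourceId, permission}) {
            // ':' is the separator, so a segment containing it could be read
            // as a different scope; reject it instead of building a role name.
            if (segment == null || segment.isEmpty() || segment.contains(":")) {
                throw new IllegalArgumentException("invalid segment: " + segment);
            }
        }
        String t = "tenants:" + tenant;
        return List.of(
                "tenants:" + permission,
                t + ":" + permission,
                t + ":" + resource + ":" + permission,
                t + ":" + resource + ":" + resourceId + ":" + permission);
    }

    // Exact string comparison only (no prefix or wildcard matching), so a
    // request with no matching role is denied by default.
    static boolean isAllowed(Set<String> grantedRoles, String tenant, String resource,
                             String resourceId, String permission) {
        return coveringRoles(tenant, resource, resourceId, permission)
                .stream().anyMatch(grantedRoles::contains);
    }

    public static void main(String[] args) {
        // Constructed sample roles, as they might be read from a user's role list.
        Set<String> granted = Set.of("tenants:acme:invoices:read",
                                     "tenants:acme:users:42:update");
        System.out.println("resource-level read covers invoice 7: "
                + isAllowed(granted, "acme", "invoices", "7", "read"));
        System.out.println("update on user 42 only, asked for user 43: "
                + isAllowed(granted, "acme", "users", "43", "update"));
        System.out.println("other tenant: "
                + isAllowed(granted, "globex", "invoices", "7", "read"));
    }
}
```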