Hello Luca,

I believe what you will want to do is pass the user's authentication token in your
"GET /reports/" call on the resource server and have it pull the relevant user
information from the token, such as user name or email, and then use it to limit the
query you do to filter reports for that user.

Another mechanism would be to create realm roles in Keycloak that correspond to various
application functionality and assign those roles to your users. Once a user is
authenticated and the token is returned, the role assigned to the user will also appear in
the token, so you can use those to control what the user has access to on your resource
server.

-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org> On Behalf Of Luca Luca
Sent: Friday, October 5, 2018 12:11 PM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Keycloak ACL data access
Hello,
Is there a way to manage fine-grained authorizations with Keycloak like in the
following scenario?
There are Users and Reports.
If I'm logged in as "user1", I can only view my reports.
So there is a REST endpoint on the Resource Server:
GET /reports/ - Return set of reports that belong to logged user
How can I use Keycloak to filter data records by user?
Thank you for your help
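
The two mechanisms described in the reply (filtering the query by the identity in the token, and checking realm roles carried in the token), as an added example that is not part of the original thread or Keycloak's own code. It assumes the resource server's JWT library has already verified the token's signature, issuer, audience and expiry; the "report-admin" role, the table layout and the sample rows are hypothetical.

```python
import sqlite3

# Hypothetical realm role that may read every user's reports.
ADMIN_ROLE = "report-admin"


def open_db():
    """Constructed sample data: an in-memory reports table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO reports (owner, title) VALUES (?, ?)",
        [("user1", "Q3 sales"), ("user1", "Expenses"), ("user2", "Audit")],
    )
    return db


def get_reports(db, claims):
    """Handler body for GET /reports/.

    `claims` is the payload of an access token that was already verified
    (assumption: done by the resource server before this is called).
    """
    username = claims.get("preferred_username")
    if not isinstance(username, str) or not username:
        # No usable identity in the token: refuse rather than return everything.
        raise PermissionError("token carries no preferred_username")

    # Keycloak places realm roles under realm_access.roles in the token.
    realm_access = claims.get("realm_access")
    roles = realm_access.get("roles") if isinstance(realm_access, dict) else None
    if not isinstance(roles, list):
        roles = []  # malformed or absent claim grants nothing

    if ADMIN_ROLE in roles:
        rows = db.execute("SELECT id, owner, title FROM reports ORDER BY id")
    else:
        # The owner value comes from the token, never from a request parameter,
        # and is bound as a parameter rather than concatenated into the SQL.
        rows = db.execute(
            "SELECT id, owner, title FROM reports WHERE owner = ? ORDER BY id",
            (username,),
        )
    return rows.fetchall()
```
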