Hi Keycloak-Community,
I need some help setting up role-based authorization with Keycloak. Suppose you have
an authorization data model like this:
{
  "roles": {
    "publisher": [
      {
        "resource": "/telemetry",
        "activities": [ "WRITE" ]
      }
    ],
    "consumer": [
      {
        "resource": "/telemetry",
        "activities": [ "READ" ]
      }
    ]
  },
  "users": {
    "client-sender": {
      "password": "secret",
      "authorities": [ "publisher" ]
    },
    "client-receiver": {
      "password": "secret",
      "authorities": [ "consumer" ]
    }
  }
}
Users (service account clients) and roles (defined for a client called my-application) can
be easily integrated into Keycloak. An example access token should look like this:
{
  "jti": "9290a241-45ad-4c14-b6e3-fdf906c7c102",
  "exp": 1511887924,
  "clientId": "client-sender",
  ...
  "resource_access": {
    "my-application": {
      "roles": [
        "publisher"
      ]
    }
  }
}
In Keycloak, when enabling "Fine-grained authorization support" for the
application (client called my-application), resources (like "/telemetry") and
permissions (like "WRITE") can be defined.
The question is:
How do I get the connection between resources/permissions and the roles?
Or to be more precise, how to get those resources/permissions into the access token?
Thanks a lot in advance,
Oliver Fischer
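
The role-to-resource mapping described in this post, resolved on the application side from the roles already present in the token. This is an added example, not part of the original post and not Keycloak's own mechanism; it assumes the token's signature, expiry and audience were verified beforehand, and the function names are hypothetical.

```python
# Added example: application-side mapping from token roles to resource activities.
# Assumes the access token signature, expiry and audience were already verified.

# Role model copied from the "roles" section of the post's data model.
ROLE_MODEL = {
    "publisher": [{"resource": "/telemetry", "activities": ["WRITE"]}],
    "consumer": [{"resource": "/telemetry", "activities": ["READ"]}],
}

# Constructed sample claims, shaped like the access token shown in the post.
SAMPLE_CLAIMS = {
    "clientId": "client-sender",
    "resource_access": {"my-application": {"roles": ["publisher"]}},
}


def client_roles(claims, client_id):
    """Return the roles granted for one client; empty set if absent or malformed."""
    access = claims.get("resource_access")
    if not isinstance(access, dict):
        return set()
    entry = access.get(client_id)
    if not isinstance(entry, dict):
        return set()
    roles = entry.get("roles")
    if not isinstance(roles, list):
        return set()
    return {r for r in roles if isinstance(r, str)}


def effective_permissions(claims, client_id, model=ROLE_MODEL):
    """Expand roles into {resource: set(activities)}; unknown roles grant nothing."""
    perms = {}
    for role in client_roles(claims, client_id):
        for grant in model.get(role, []):
            perms.setdefault(grant["resource"], set()).update(grant["activities"])
    return perms


def is_allowed(claims, client_id, resource, activity, model=ROLE_MODEL):
    """Default deny: allow only an exact resource and activity match."""
    granted = effective_permissions(claims, client_id, model)
    return activity in granted.get(resource, set())


if __name__ == "__main__":
    print(is_allowed(SAMPLE_CLAIMS, "my-application", "/telemetry", "WRITE"))
```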