Hi, We're looking into Keycloak Authorization services, but currently, we can't get our heads around configuring in Keycloak a policy the following authorization requirement: Suppose we have a corporate Google-docs-like app, where every document has a clearance level (e.g. confidential, internal, public). Every user has its own permission level, which indicates whether the user is allowed to access confidential, internal or public documents. Could you please advise as to how to implement such requirements into Keycloak Authorization services? Assuming this isn't currently supported, a simple solution seems to be implementing the ability to set resource attributes and make them available to policy construction. Would you be considering implementing such approach (or any other)? Best regards, Thiago Presa _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user