Currently, you can not set groups as resource owners. However we have a
User-Managed Policy API that can be used for what you are looking for.
Please, take a look at this doc [1].
It supports not only group policies, but user, role and more complex
policies using JS.
[1]
https://www.keycloak.org/docs/latest/authorization_services/index.html#_s...
On Mon, Nov 5, 2018 at 2:24 PM Ulrik Sjölin <ulrik.sjolin(a)gmail.com> wrote:
Hello,
I find the request-response mechanism of UMA very interesting and
think it would
be very useful where I work. But I have not found a way to scale it…
Is it possible for a resource owner to delegate the responsibilities
for sharing
resources to other users? Consider a large organisation that owns a
large set or
resources and has a large number of users. The organisation wants to
have a group
of admins to handle answering the requests that comes in from the users
asking
for access to different resources.
What is the best-practice way for handling a use case like this?
Is it possible to assign a group as resource owner?
Best Regards,
Ulrik Sjölin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user