4:26 a.m.
Hello , i wan't to create CRUD using KeyCloak , i have an angularJS
application and it's use KeyCloak
My case is : i have screens in my application that contain sub screens and
every sub screen contain CRUD roles (CREATE , READ , UPDATE , DELETE) ,
it's may contain multi levels
the screenshot may make the case more clear
the normal client roles is not enough for me or maybe i miss understand
some thing
could you please help me how to create these roles in KeyCloak , or if
KeyCloak is support roles like this or if there is any other way to create
them ?
Thanks
--
Yasser El-Ata
Java Developer
BluLogix
737 Walker Rd Ste 3, Great Falls, VA 22066
t: 443.333.4100 | f: 443.333.4101
*www.blulogix.com <http://www.blueoss.com/>*
The information transmitted is intended only for the person(s) to whom it
is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
6:10 a.m.
If you have a limited number of screens then it can a good idea to create
roles for these, and you can just create these a client roles using the
admin console or admin endpoints. You can use a delimiter in the role name
to specify the screen (for example 'screen-a/read'. However, if you have a
large number of screens then the roles approach will quickly become
unmanageable and you may be better of using an ACL or something in your
application itself.
What you are asking for is more often implemented as ACLs rather than RBAC.
RBAC is usually used for things like 'manager' has read/write access to a
group of resources, rather than 'user-a' has read access to 'resource-a'.
On 2 March 2016 at 11:26, Yasser El-ata <yelata(a)blulogix.com> wrote:
Hello , i wan't to create CRUD using KeyCloak , i have an
angularJS
application and it's use KeyCloak
My case is : i have screens in my application that contain sub screens and
every sub screen contain CRUD roles (CREATE , READ , UPDATE , DELETE) ,
it's may contain multi levels
the screenshot may make the case more clear
the normal client roles is not enough for me or maybe i miss understand
some thing
could you please help me how to create these roles in KeyCloak , or if
KeyCloak is support roles like this or if there is any other way to create
them ?
Thanks
--
Yasser El-Ata
Java Developer
BluLogix
737 Walker Rd Ste 3, Great Falls, VA 22066
t: 443.333.4100 | f: 443.333.4101
*www.blulogix.com <http://www.blueoss.com/>*
The information transmitted is intended only for the person(s) to whom it
is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:38 a.m.
Thanks for your fast response
I've another question please is there any third-party application may help
me in this case (provide ACL CRUD) , and can be easily integrated with
KeyCloak ?
On Wed, Mar 2, 2016 at 2:10 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
If you have a limited number of screens then it can a good idea to
create
roles for these, and you can just create these a client roles using the
admin console or admin endpoints. You can use a delimiter in the role name
to specify the screen (for example 'screen-a/read'. However, if you have a
large number of screens then the roles approach will quickly become
unmanageable and you may be better of using an ACL or something in your
application itself.
What you are asking for is more often implemented as ACLs rather than
RBAC. RBAC is usually used for things like 'manager' has read/write access
to a group of resources, rather than 'user-a' has read access to
'resource-a'.
On 2 March 2016 at 11:26, Yasser El-ata <yelata(a)blulogix.com> wrote:
> Hello , i wan't to create CRUD using KeyCloak , i have an angularJS
> application and it's use KeyCloak
>
> My case is : i have screens in my application that contain sub screens
> and every sub screen contain CRUD roles (CREATE , READ , UPDATE , DELETE) ,
> it's may contain multi levels
>
> the screenshot may make the case more clear
>
> the normal client roles is not enough for me or maybe i miss understand
> some thing
>
> could you please help me how to create these roles in KeyCloak , or if
> KeyCloak is support roles like this or if there is any other way to create
> them ?
>
> Thanks
>
> --
> Yasser El-Ata
> Java Developer
> BluLogix
> 737 Walker Rd Ste 3, Great Falls, VA 22066
> t: 443.333.4100 | f: 443.333.4101
> *www.blulogix.com <http://www.blueoss.com/>*
>
> The information transmitted is intended only for the person(s) to whom it
> is addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon, this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and delete the material from any computer.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Yasser El-Ata
Java Developer
BluLogix
737 Walker Rd Ste 3, Great Falls, VA 22066
t: 443.333.4100 | f: 443.333.4101
*www.blulogix.com <http://www.blueoss.com/>*
The information transmitted is intended only for the person(s) to whom it
is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
3233
days inactive
3233
days old
2 comments
2 participants
participants (2)
-
Stian Thorgersen -
Yasser El-ata