Hi,
I am unsure if my understanding of Keycloaks permission evaluation engine is flawed, or if
there’s a bug in the system. I have a resource that is protected by multiple permissions.
What is the expected behavior if one permission decides to DENY and another decides to
PERMIT? I would expect that the overall decision would be PERMIT.
However, I can create both scenarios – overall decision PERMIT / DENY – depending on which
permissions I set (see screenshots for details). I wasn’t able to find a detailed
explanation in the docs, so I would be grateful for some clarity.
Thanks,
Marco
[cid:image001.png@01D485A1.1D536320][cid:image002.png@01D485A1.1D536320]
Show replies by date