Hello team,
I am a new fan and after writing my own solution painfully we are hoping to
convert to KeyCloak. First, thank you all for your efforts and supporting
this project.
I have gone through the tutorials and terminology, however, I can not seem
to mold a suitable model for my authorization use case through Keycloak
concepts. Please consider this use scenario:
- You provide a SaaS solution for Car Dealerships.
- Every dealership inherits a set of default roles upon creation e.g.
admin, manager, sales, accountant,..)
- Dealership could add/remove permissions to the default roles.
- Dealership can define their own custom roles.
- A dealership has multiple vendors and each vendor has a couple of
roles (admin, accountant, vendor)
- A dealership has numerous departments and each department may have
their own roles for that department
In my built-in model, I have a table that connects a Role to a Principal
(an entity) and the ACLs (or permissions) are assigned to the roles. The
Principal could be "DealershipA", "DealershipB", "Vendor1"
and
"Department0".
Now my questions is: What is the best practice to implement this scenario
in Keycloak.
- How would you connect/assign a role to an entity?
- Would you consider a Dealership, Vendor or a Department a Resource or
a Client or what?
Thank you in advance for all your help,
Show replies by date