[keycloak-dev] fine-grain admin permissions with Authz
Bill Burke
bburke at redhat.com
Mon Mar 13 11:15:43 EDT 2017
On 3/13/17 9:43 AM, Pedro Igor Silva wrote:
>
> Are you already implementing things ? Do you want me to look at these
> changes or work together with you on them ?
>
> (As you may have noticed, there is an API that we use internally to
> actually evaluate policies given a set of permissions.)
Haven't implemented anything just researching how it could be done. The
biggest issue right now that I'm having is that I don't understand how
to do things programatically yet (i.e. set up resources, set up scopes,
set up permissions, set up policies). I don't understand how the UI
translates to the JPA entity model and there seems to be a lot of set up
data hidden by generic Map objects. Its also really confusing how the
admin REST interface translates from the UI to the model. Its also
really bizarre to me that the things represented in the Admin Console UI
are not represented in the data model. i.e. I have no idea how a
"Scoped-Permission" in the admin console maps to a JSON representation,
the REST API, nor how that JSON representation is mapped to the model.
BIll
More information about the keycloak-dev
mailing list