[keycloak-dev] fine-grain admin permissions with Authz

Bill Burke bburke at redhat.com
Mon Mar 13 11:15:43 EDT 2017

On 3/13/17 9:43 AM, Pedro Igor Silva wrote:
> Are you already implementing things ? Do you want me to look at these 
> changes or work together with you on them ?
> (As you may have noticed, there is an API that we use internally to 
> actually evaluate policies given a set of permissions.)
Haven't implemented anything just researching how it could be done. The 
biggest issue right now that I'm having is that I don't understand how 
to do things programatically yet (i.e. set up resources, set up scopes, 
set up permissions, set up policies).  I don't understand how the UI 
translates to the JPA entity model and there seems to be a lot of set up 
data hidden by generic Map objects.  Its also really confusing how the 
admin REST interface translates from the UI to the model.    Its also 
really bizarre to me that the things represented in the Admin Console UI 
are not represented in the data model.  i.e. I have no idea how a 
"Scoped-Permission" in the admin console maps to a JSON representation, 
the REST API, nor how that JSON representation is mapped to the model.


More information about the keycloak-dev mailing list