[keycloak-user] Fwd: regarding custom attributes and mapping resources to users

Avinash Kundaliya avinash at avinash.com.np
Thu Dec 22 04:20:03 EST 2016 

Hi,
since I got no response to my previous email and i can see some action 
happening in the mailing list, I will try to forward my question and 
explain it again.

  * Can a user update their own custom attributes ? I want to use custom
    attributes to store data that would help in creating policies for
    their permissions. From what i could understand from previous
    discussions, it looks like users cannot, but its not confirmed or
    mentioned anywhere.

  * Related to the question above, is there a defined structure/ pattern
    to define resource ownership in keycloak, eg. user-id *"xx"* is a
    manger of resource-id *"yy"* , user-id "*aa*" is a viewer of
    resource-id "*bb*" and so on and so forth.

     From my question last time, What are the best practices to map
    roles to specific resources? For example if i have a role called as
    shop_owner how do i map a user with that role to a specific shop
    (for example). Is this something that keycloak has defined
    structures for ? How can i achieve such a structure with keycloak
    and with/without using the keycloak authorization/resource services.

Some help or push in the right direction would be helpful.

Regards,
Avinash


-------- Forwarded Message --------
Subject: 	regarding custom attributes and mapping resources to users
Date: 	Tue, 20 Dec 2016 16:14:03 +0545
From: 	Avinash Kundaliya <avinash at avinash.com.np>
To: 	keycloak-user at lists.jboss.org



Hello Community,

I am fairly new to using keycloak and still getting immersed into the 
authentication and authorization jargons. I have some basic queries that 
i am curious about.

  * Regarding the custom attributes for each user
    (https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/users/attributes.html).
    Is this something that a user can edit for themselves or is
    something for an administrator to manage custom content for the
    user? Basically, as an administrator can I put information that
    should be hidden from the user as a custom attribute ?
  * My second question is more about architecture of applications with
    authentication and authorization. What are the best practices to map
    roles to specific resources? For example if i have a role called as
    shop_owner how do i map a user with that role to a specific shop
    (for example). Is this something that keycloak has defined
    structures for ? How can i achieve such a structure with keycloak
    and with/without using the keycloak authorization/resource services.

Looking forward to some constructive discussions and some answers to the 
basic issues I have.

Regards,
Avinash

More information about the keycloak-user mailing list