[keycloak-user] Keycloak ACL for a specific user on a specific object
Antoine Carton
antoine at saagie.com
Thu Apr 13 03:25:29 EDT 2017
Hello,
Is there a way to manage fine grained authorizations with Keycloak like in
the following scenario:
- A user user1 belongs to a group group1
- group1 has READ access to the REST path: GET /my/entity/{entity_id}
- group1 has not WRITE access to this path: POST /my/entity/{entity_id}
This means that all users of that group can only READ at that path,
whatever the {entity_id} is.
The question is:
Is it possible to allow user1 ONLY of group1, to have WRITE access to a
specific entity_id.
The purpose is to use the Spring Boot/Spring Security Adapter and replace
what Spring security does with @PreAuthorize annotation for example.
Thank you for your help,
Best regards
More information about the keycloak-user
mailing list