[keycloak-user] RBAC : adding permissions to roles
Avinash Kundaliya
avinash at avinash.com.np
Mon Jan 9 08:44:30 EST 2017
Hi Stian,
Is there an example of how to do this simply, or would one have to
create scopes (which is like a permission), policies (one for each role)
and permissions, that would map the role to a scope?
Also, possibly a related question: does a role-type policy also take into
account roles that a user gets effectively because of a composite role?
If so, the "Evaluate" page always gives me a Deny. Another approach: if
I add the scope to each policy, then it still gives me a Deny (I tried
setting the strategy to Affirmative, still didn't help).
I hope the description isn't abstract; if so, I will try to add
screenshots next time.
Regards,
Avinash
On 1/9/17 19:14, Stian Thorgersen wrote:
> You can either use our authorization services (see
> https://keycloak.gitbooks.io/authorization-services-guide/content/) to
> manage permissions centrally through Keycloak or you can manage it on
> your own within the application.
>
> On 9 January 2017 at 14:19, Avinash Kundaliya <avinash at avinash.com.np> wrote:
>
> Hello,
>
> I have a very basic question and am curious how to model this via
> keycloak.
>
> In my application I have some roles. I want to map each role to a set of
> permissions so that based on those permissions I can check if the user
> has access to a specific action/resource in my application server.
> (pretty much how classically RBAC is done)
>
> I am curious if there is a defined pattern/way of modeling such a
> behavior in keycloak, or would the best way to do this be to
> define and map permissions (to roles) in the application (i.e. outside
> keycloak). What is the best practice for such a case?
>
> Regards,
> Avinash
>
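
The second option named in the quoted reply (managing the role-to-permission mapping within the application), as an added example that is not part of this thread or of Keycloak's own code. It assumes the access token's signature, issuer and audience were already verified and that `claims` is its decoded payload; `realm_access` and `resource_access` are the claims Keycloak uses for roles, while the role names, permission names and the client id `orders-api` are constructed.

```python
# Added example: application-side RBAC over roles from a Keycloak access token.
# Role names, permission names and the client id "orders-api" are constructed.

# Role -> permissions, maintained by the application (not by Keycloak).
ROLE_PERMISSIONS = {
    "viewer": {"order:read"},
    "editor": {"order:write"},
    "admin": {"user:manage"},
}
# Application-side composites: a role also grants what its child roles grant.
ROLE_CHILDREN = {"editor": {"viewer"}, "admin": {"editor"}}


def token_roles(claims, client_id):
    """Collect realm roles and this client's roles from verified token claims."""
    roles = set()
    access = claims.get("resource_access")
    client = access.get(client_id) if isinstance(access, dict) else None
    for source in (claims.get("realm_access"), client):
        # Malformed or missing claims contribute no roles instead of raising.
        listed = source.get("roles") if isinstance(source, dict) else None
        if isinstance(listed, list):
            roles.update(r for r in listed if isinstance(r, str))
    return roles


def effective_roles(roles):
    """Expand composites transitively; the seen-set makes cycles harmless."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_CHILDREN.get(role, ()))
    return seen


def permissions_for(claims, client_id):
    perms = set()
    for role in effective_roles(token_roles(claims, client_id)):
        perms |= ROLE_PERMISSIONS.get(role, set())  # unknown roles grant nothing
    return perms


def is_allowed(claims, client_id, permission):
    """Deny by default: allow only if a held role maps to the permission."""
    return permission in permissions_for(claims, client_id)
```

Roles granted under a different client's entry in `resource_access` are ignored, so a role with the same name on another client does not leak permissions into this application.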