[keycloak-user] RPT can not be issued to resource owner

Pedro Igor Silva psilva at redhat.com
Wed Jul 18 08:11:32 EDT 2018


Being the owner of a resource does not necessarily grant access to the resource.
So, yeah, you need some policy to actually define who can access (the
owner) the resource. I'm not sure if it makes sense for owners to approve requests
to access their resources though.

On Wed, Jul 18, 2018 at 6:30 AM, stefan.wachter <stefan.wachter at bosch-si.com> wrote:

> As a work-around I added a policy that authorizes resource owners:
>
> if ($evaluation.getContext().getIdentity().getId() ==
> $evaluation.getPermission().getResource().getOwner()) $evaluation.grant()
>
> and a permission that uses that policy.

