[keycloak-user] Viewing permissions

Pedro Igor Silva psilva at redhat.com
Wed Mar 7 06:31:38 EST 2018


I think this is the best way to go ....

In fact, this is exactly what we are pushing now with UMA 2.0 and support
for asynchronous authorization. Suppose you have a "Request Access" button
in case the user is not allowed to perform an operation on a resource
belonging to a different user. This button could be displayed based on a
"test" authorization request to which you can also specify whether or not
you want to start an authorization flow to get approval from the resource owner.

Regards.
Pedro Igor

On Tue, Mar 6, 2018 at 4:27 PM, Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi all,
> I have a question around the representation and result of permissions.
> Say I have an application that manages socks inventory. The UI is
> displaying a button to delete socks. However, some users don't have the
> right to delete socks!
> So, I perform a request to Keycloak to get the permission.
> It works well: if the user doesn't have permission, the message
> "authorization denied" is displayed on the screen.
>
> However, it would be nicer to remove the "delete" button entirely.
> My policies are quite complex and multi-dimensional: You can delete socks
> if you are admin, but also if it belongs to you, you belong to some groups
> etc.
> So anticipating the reply to an authorization request can be very hard.
>
> What do you suggest? Should we perform a "test" authorization request
> before displaying the "delete" button?


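The "test" authorization request discussed in this thread, sketched as an added example that is not part of the original messages or of Keycloak's code. It assumes a Keycloak release whose token endpoint accepts the UMA grant type with `response_mode=decision`; the realm, client, resource and scope names are constructed, and `canPerform` and its helpers are hypothetical names.

```javascript
// Added example: decide whether to render a "delete" button by asking
// Keycloak for a yes/no decision. All names below are constructed.
const UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket";

// Build the "test" request: one resource#scope pair, decision only (no RPT).
function buildDecisionRequest(cfg, accessToken, resource, scope) {
  const body = new URLSearchParams({
    grant_type: UMA_GRANT,
    audience: cfg.resourceServerClientId, // client that owns the policies
    permission: `${resource}#${scope}`,
    response_mode: "decision",
  });
  return {
    // Older distributions serve under /auth; put that prefix in baseUrl.
    url: `${cfg.baseUrl}/realms/${encodeURIComponent(cfg.realm)}/protocol/openid-connect/token`,
    options: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${accessToken}`,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: body.toString(),
    },
  };
}

// Fail closed: only an explicit 200 with {"result": true} shows the control.
function interpretDecision(status, json) {
  return status === 200 && json !== null && typeof json === "object" && json.result === true;
}

// Resolves to true when the button may be shown. A denial (403), a network
// error or a malformed reply all hide it.
async function canPerform(cfg, accessToken, resource, scope, fetchFn = globalThis.fetch) {
  try {
    const { url, options } = buildDecisionRequest(cfg, accessToken, resource, scope);
    const res = await fetchFn(url, options);
    const json = await res.json().catch(() => null);
    return interpretDecision(res.status, json);
  } catch (_err) {
    return false;
  }
}

// Constructed sample configuration.
const SAMPLE_CFG = { baseUrl: "https://sso.example.test", realm: "inventory", resourceServerClientId: "socks-api" };
```

The result only controls what the UI renders; the resource server still has to enforce the same permission when the delete request arrives, since a client can send that request without the button.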