[keycloak-user] Permission logic vs Policy logic
Nhut Thai Le
ntle at castortech.com
Thu Mar 15 14:07:02 EDT 2018
Hello,
In the admin console, Logic can be set to Negative and Positive for Policy
but not Permission. This lead me to think that the Policy act as a filter
and the Permission is just to tide that filter to a resource (with or
without scope). However when i look at the permission test case
testCreateResourcePermission()
(
https://github.com/pedroigor/keycloak/blob/1e1de85685bb5d5f180f510630cd7133f8a35375/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java)
I see Permission also have Logic. So now i'm thinking Policy logic is to
negate the policy statement (if needed) and Permission logic is to control
deny or grant access to the resource, am i correct? If not, what is the
differences between Permission logic and Policy logic?
Why there is no option to change Permission logic in the admin console?
Thai
More information about the keycloak-user
mailing list