[keycloak-user] Keycloak ACL data access

Don Reynolds (dreynold) Don.Reynolds at quest.com
Mon Oct 8 07:57:45 EDT 2018


Hello Luca,

I believe what you will want to do is pass the user's authentication token in your "GET /reports/" call on the resource server and have it pull the relevant user information from the token, such as user name or email, and then use it to limit the query you do to filter reports for that user.
Another mechanism would be to create realm roles in Keycloak that correspond to various application functionality and assign those roles to your users. Once a user is authenticated and the token is returned, the role assigned to the user will also appear in the token, so you can use those to control what the user has access to on your resource server.

> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org <keycloak-user-
> bounces at lists.jboss.org> On Behalf Of Luca Luca
> Sent: Friday, October 5, 2018 12:11 PM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Keycloak ACL data access
> 
> Hello,
> 
> Is there a way to manage fine-grained authorizations with Keycloak like in the
> following scenario?
> There are Users and Reports.
> If I'm logged in as "user1", I can only view my reports.
> 
> So there is REST endpoint on Resource Server:
> 
> GET /reports/ - Return set of reports that belong to logged user
> 
> How can I use Keycloak to filter data records by user?
> 
> Thank you for your help

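Both mechanisms from the reply above, sketched as an added example that is not part of the original thread or Keycloak's own code: the owner filter for GET /reports/ is taken from the token's `sub` claim, and a realm role read from the token's `realm_access.roles` claim widens access. It assumes the access token was already validated (signature, issuer, audience, expiry) by the OIDC library in front of the handler; the `reports` table, the `report-auditor` role and the function names are hypothetical.

```python
import sqlite3

# Hypothetical realm role that may read every user's reports.
AUDITOR_ROLE = "report-auditor"

def make_db():
    """Constructed sample data: reports keyed by the Keycloak user id (sub)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, owner_sub TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO reports (owner_sub, title) VALUES (?, ?)",
        [("sub-user1", "Q1 sales"), ("sub-user1", "Q2 sales"), ("sub-user2", "Payroll")],
    )
    return db

def realm_roles(claims):
    """Realm roles as Keycloak places them in the access token."""
    return set((claims.get("realm_access") or {}).get("roles", []))

def list_reports(db, claims, requested_owner=None):
    """Handler body for GET /reports/.

    `claims` is the payload of an access token that has already been
    validated (assumption: done by the OIDC library or adapter).
    `requested_owner` models an owner value supplied by the client.
    """
    sub = claims.get("sub")
    if not sub:
        raise PermissionError("token carries no subject")
    by_owner = "SELECT title FROM reports WHERE owner_sub = ? ORDER BY id"
    if AUDITOR_ROLE in realm_roles(claims):
        # Only the privileged role may choose whose reports to read.
        if requested_owner is None:
            rows = db.execute("SELECT title FROM reports ORDER BY id")
        else:
            rows = db.execute(by_owner, (requested_owner,))
    else:
        # Ordinary users: the filter comes from the token, never the request.
        rows = db.execute(by_owner, (sub,))
    return [title for (title,) in rows]
```

A client-supplied owner value is ignored unless the token carries the privileged role, so "user1" cannot read another user's reports by changing a request parameter.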