[keycloak-user] Policy Evaluation Rules
titorenko at dtg.technology
Tue Feb 5 04:12:26 EST 2019
Could you please help me with understanding how policies are evaluated?
I have a REST service with several operations. Each of them is protected by a corresponding scope (create, view, update, delete, list). For each of these scopes I defined a scope-based permission which controls access to its scope.
I expect that the ‘Author’ policy will only be evaluated when the ‘delete’ operation on the service is called. But I see that it is evaluated each time ANY operation is called.
So, if all policies are evaluated for each call, then what is the purpose of specifying policies in permissions? What is the right way to use policies then?