[keycloak-user] Scope Permissions with Resource Type

Farzad Panahi farzad.panahi at gmail.com
Fri Jun 7 16:33:21 EDT 2019


Hi,

I have a client authorization set-up like the following:

RESOURCE_1:  [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA
RESOURCE_2:  [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA
RESOURCE_3:  [SCOPE_READ, SCOPE_WRITE], RESOURCE_TYPE_ALPHA

USER_1: USER_GROUP_A
USER_2: USER_GROUP_A

USER_GROUP_A_POLICY: GRANT ACCESS TO USER_GROUP_A

I want to create permissions to give only SCOPE_READ access (not
SCOPE_WRITE access) to USER_GROUP_A for RESOURCE_TYPE_ALPHA.

If I create a resource-based permission then it will grant access to
both scopes.
Unfortunately I cannot create a scope-based permission because scope
permission does not support resource type. It only supports resource. If I
want to use scope-based permission then I have to create permission for
every single resource in my resource type.

I was wondering if there is a reason that scope-based permission does not
support resource type?

Also, does anyone have any idea how I can achieve my requirement given the
limitations that we have? Is there a way to create a policy that grants
access only to a certain scope?


Cheers

Farzad

