[keycloak-user] Proper naming for User Based Access Control
Stefanidis, Kyriakos
kyriakos.stefanidis at fokus.fraunhofer.de
Fri May 10 07:47:24 EDT 2019
Hello all,
On the topic of Keycloak authorization services, I was wondering if there is a proper, or at least a nicer than mine, naming scheme for the names of the resources, policies and permissions when trying to set up UBAC.
The scenario:
There are N resources of a specific type "box"
Specific users need to have access to specific resources
The management is done centrally by the realm admin
A solution:
Create N resources with the name "box##" and the URI scheme is "/resources/box/##"
Create N (user based) policies with the name "Only users that access box##"
Create N (resource based) permissions with the name "Allow access to box##"
My comments:
The solution seems a bit verbose and bulky and I couldn't find a more structured naming scheme. If I add S scopes to the concept then I have S*N policies and permissions with the scope as part of the policy and permission names.
Are there any more structured ways of setting up UBAC in Keycloak that I am missing here? At least, are there any better naming schemes that I could use?
Best regards,
Kyriakos Stefanidis
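The naming scheme from the message above, expanded into a settings structure and resolved back into who can reach which box, so the result can be compared with the admin's intended assignments. This is an added example, not part of the original post and not Keycloak's own code; the dictionary layout is modelled on Keycloak's authorization settings export and its field names, the " [scope]" suffix in the names, and the sample users are assumptions.

```python
import json

def build_settings(grants):
    """grants: list of (box_id, scope_or_None, [usernames]) decided by the realm admin."""
    resources, policies = {}, []
    for box, scope, users in grants:
        res = resources.setdefault(box, {"name": f"box{box}", "type": "box",
                                         "uris": [f"/resources/box/{box}"], "scopes": []})
        tag = f" [{scope}]" if scope else ""  # assumed convention for scope in names
        if scope:
            res["scopes"].append({"name": scope})
        policy = f"Only users that access box{box}{tag}"
        # User-based policy: config values are JSON-encoded strings (assumed layout).
        policies.append({"name": policy, "type": "user",
                         "config": {"users": json.dumps(sorted(users))}})
        config = {"resources": json.dumps([res["name"]]),
                  "applyPolicies": json.dumps([policy])}
        if scope:
            config["scopes"] = json.dumps([scope])
        policies.append({"name": f"Allow access to box{box}{tag}",
                         "type": "scope" if scope else "resource", "config": config})
    return {"resources": list(resources.values()), "policies": policies}

def effective_access(settings):
    """Resolve permission -> policy -> users, giving {(resource, scope): set(users)}."""
    by_name = {p["name"]: p for p in settings["policies"]}
    access = {}
    for perm in settings["policies"]:
        if perm["type"] not in ("resource", "scope"):
            continue  # skip the user policies themselves
        users = set()
        for name in json.loads(perm["config"]["applyPolicies"]):
            users |= set(json.loads(by_name[name]["config"]["users"]))
        for res in json.loads(perm["config"]["resources"]):
            for scope in json.loads(perm["config"].get("scopes", "[null]")):
                access.setdefault((res, scope), set()).update(users)
    return access

# Constructed sample assignments: one unscoped box, one box with S=2 scopes.
GRANTS = [("01", None, ["alice"]), ("02", "view", ["alice", "bob"]), ("02", "edit", ["bob"])]

if __name__ == "__main__":
    s = build_settings(GRANTS)
    print(len(s["resources"]), "resources,", len(s["policies"]), "policies and permissions")
    for key, users in sorted(effective_access(s).items(), key=str):
        print(key, sorted(users))
```

Each (box, scope) pair yields one policy and one permission, which is the S*N growth described in the message; comparing `effective_access` with the intended assignments catches a permission that points at the wrong policy.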