Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hi,
      I miss something to handle all requirements for my applications. It would be awesome to have a Attribute based Permission. This is how i conceive it :

      • In the authorization service a new tab to define a resource type with their attributes like for example, a Car's resource type ( Color, Model, Size ... ) but without value like currently in the resource tab.
      • A Attribute fields inside Resource and Scope permissions to add informations of what attribute can be retrieve inside a Resource. Maybe with a positive or negative grant to add or remove only one field.
      • As other permissions, this would be available inside a RPT to be process offline by resource server.

      It would allow to handle use case like retrieve all users but not their gender for example

      I know i can achieve the same result with scopes but it tend to makes scope definition explode as i need to defined a scope for each attribute of a resource type.

      Beside that Keycloak is just a awesome product.
      Thx.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                scandinave1 Romain LE BARO
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: