Application Permissions / Groups

Hello Community!

I am the lead developer at AOS and I need some advice for a specific integration.

AOS is a startup in the building industry, and it helps professionals communicate with contractors during the construction of a building.
Link => AOS Website

Note that we have already implemented Keycloak for authentication and it’s working fine!

Let’s come back to the point: I need to build a strong system for creating groups with users and permissions (global permission, permission by project, group of permissions and so on), and I see features that can do the job (group, client, client scope, authorization, etc.).

Example:

A professional is managing four agencies and he needs to see / manage and modify them.

We have to create a binary-tree-like system in order to manage groups and permissions.

Technical information

An agency is composed of users
Users can be in several agencies at the same time
Users have different roles (admin, intern and guest)
Each role has specific permissions

Global permissions apply to all projects the users are in, but we can modify permissions for a specific project if we want; it will overlay the permissions only in that project.

For example: an intern doesn’t have the right to see answers from the contractor; on a test project, an admin can give him the right to do it.

A child agency can be a parent agency, and you go down the tree, and so on.

So we can have Agency France -> South Agency -> { Agency1, Agency2, Agency3 }

We are looking for the best solution to do that, so if someone in the community has a good idea of how to do it correctly with Keycloak, that would be great :slight_smile: (msg, call, mail, etc.)

We want to implement the solution with all the power Keycloak can deliver :wink:

I am looking forward to speaking with you!

Alain
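
The rules described in the post above (agency tree, roles with global permissions, per-project overlay), as an added example that is not part of the original post and is not Keycloak code or configuration. All names, permission strings and users are constructed; it assumes that a role held on a parent agency applies to its child agencies, that the overlay is set per user and project, and that a revoke wins over a grant.

```python
# Added example: plain-Python model of the rules in the post, not Keycloak code.
# Every name, permission string and user below is hypothetical / constructed.
ROLE_PERMS = {
    "admin": {"project:view", "project:edit", "answers:view"},
    "intern": {"project:view"},
    "guest": set(),
}
# Agency tree from the post, stored as child -> parent.
PARENT = {"South Agency": "Agency France", "Agency1": "South Agency",
          "Agency2": "South Agency", "Agency3": "South Agency"}
# Constructed users: user -> {agency: role}; a user may sit in several agencies.
MEMBERSHIPS = {
    "manager": {"Agency France": "admin"},
    "intern1": {"Agency1": "intern", "Agency3": "guest"},
}
# Per-project overlay: (project, user) -> permissions granted / revoked there only.
OVERRIDES = {("test-project", "intern1"): {"grant": {"answers:view"}}}

def path_to_root(agency):
    """Return the agency followed by each parent up to the root; reject cycles."""
    path = []
    while agency is not None:
        if agency in path:
            raise ValueError(f"cycle in agency tree at {agency!r}")
        path.append(agency)
        agency = PARENT.get(agency)
    return path

def role_in(user, agency):
    """Nearest role on the path to the root (assumption: roles inherit downwards)."""
    held = MEMBERSHIPS.get(user, {})
    return next((held[a] for a in path_to_root(agency) if a in held), None)

def effective_permissions(user, agency, project):
    """Global role permissions, then the project overlay; revoke beats grant."""
    role = role_in(user, agency)
    if role is None:
        return frozenset()  # default deny: no membership on the path
    overlay = OVERRIDES.get((project, user), {})
    perms = ROLE_PERMS[role] | overlay.get("grant", set())
    return frozenset(perms - overlay.get("revoke", set()))

if __name__ == "__main__":
    for args in [("intern1", "Agency1", "prod-project"),
                 ("intern1", "Agency1", "test-project"),
                 ("manager", "Agency2", "prod-project")]:
        print(args, sorted(effective_permissions(*args)))
```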

Did you find anything?