Design Resource Authorization with Many to Many relationship

deeeed · January 13, 2022, 11:10am

I am trying to design a learning app with users, classroom, and articles.
My issue is how to represent the resources in keycloak to manage authorization.

I have two users:

user1 belongs to classroom 1 and 2 and owns article1, article2, article3
user 2 belongs to classroom 1
article1 is owned by user1
article2 is owned by user1
article3 is owned by user1

How can I define resources so that user1 can share to everyone within classroom1? (eg: giving access to user2 indirectly).

Resources:

/classroom/1  
/classroom/2
/articles/1 
/articles/2
/articles/3

I am simplifying the issue but the pattern is similar to what I am trying to achieve.

Any help would be much appreciated.

deeeed · January 14, 2022, 12:53am

I am thinking to use the attributes field in the declared article resources.

For example:
resource uri ‘/article/1’ would have a list of classroom id attribute:

classroomId: 1

Would that be a bad practice?

Topic		Replies	Views
Best way to have groups managing a resource? Getting advice	0	1285	January 29, 2021
Permission evalution for resources with many entities Getting advice	0	447	December 17, 2019
Understanding the keycloak authorization over a Resource Getting advice	2	844	March 6, 2023
Proper read/write permission management	0	554	January 3, 2022
Fine grained resource-based authorization Getting advice	1	655	November 29, 2021

Design Resource Authorization with Many to Many relationship

Related Topics