I have some resources and permissions like this, but when i evaluate permission, I didn’t get what I expected.
resource: menu1 type=menu
permission1: need role(super_admin)
permission2: need role(editor)
user: 004566 has role(super_admin) and no role(editor)
Now the role(super_admin) is PERMIT
and role(editor) is DENY
,but the Result is DENY
even if I set the Decision Strategy
to Affirmative
. This situation does not conform to the keycloak doc in my understanding. I think it should be PERMIT
. WHY?