Hello,
keycloak is good for authenticating users and setting up roles and attributes, but if I want more fine grained auth - access control to specific entities in my system, do I need to combine keycloak with something else?
In my system we have many IoT devices. I want to add/restrict users to certain devices. Naively I would maintain tables mapping a userId to a deviceId (or perhaps userId to groupId and then groupId to deviceId). To figure out what/if a user has access to a IoT device I would use the user id from keycloak and look it up in these aforementioned tables.
I feel like I am reinventing the wheel a bit. Can keycloak do this for me, or should I be extending keycloak to do this? Or is this not what keycloak primarily designed for, and in fact I should have a separate auth service that works with keycloak to achieve what I have described
Thanks