I have a requirement to implement authorization using Keycloak (a combination of Resource/Role/User/Group based Access Control). To begin with, I’m testing a simple scenario, where I have created a User “XYZ” with “Operator” as his Role. I’m trying to test if this user XYZ has modify/execute permissions on resource “ABC”. Surprisingly, the evaluation results are not as expected. Please find the details of my project below:
- Backend: Java with Quarkus framework
- Frontend: Angular
- Keycloak Version: 16.1.1
- We have created the Realm and client in the keycloak
- Authentication: SSO is implemented using Keycloak – working fine
- Authorization: Currently we only have 1 Resource, 1 policy and 1 Permission created under the Client.
- Scopes: Read, modify and execute
- Roles: Administrator, Data Engineer, Project Manager, Moderator, Operator, User
I would appreciate it if you could let me know what is not right in the above scenario and whether the Keycloak evaluation results are correct. Also, let me know if my understanding of the above is correct.
Thanking you in advance and hoping to get a response soon.
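As an added illustration, not the poster's configuration or any Keycloak project code, here is how the setup described above would look as a Keycloak 16 client authorization-settings export: resource ABC carrying the three scopes, one role-based policy requiring the realm role Operator, and one scope-based permission that ties the two together. The policy and permission names, the resource type URN and the URI pattern are assumed placeholders.

```json
{
  "allowRemoteResourceManagement": true,
  "policyEnforcementMode": "ENFORCING",
  "decisionStrategy": "UNANIMOUS",
  "scopes": [
    { "name": "read" },
    { "name": "modify" },
    { "name": "execute" }
  ],
  "resources": [
    {
      "name": "ABC",
      "displayName": "ABC",
      "type": "urn:example-client:resources:abc",
      "ownerManagedAccess": false,
      "uris": [ "/abc/*" ],
      "scopes": [
        { "name": "read" },
        { "name": "modify" },
        { "name": "execute" }
      ]
    }
  ],
  "policies": [
    {
      "name": "Operator Policy",
      "description": "Constructed example: grants only to users holding the realm role Operator",
      "type": "role",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "roles": "[{\"id\":\"Operator\",\"required\":true}]"
      }
    },
    {
      "name": "ABC modify/execute Permission",
      "description": "Constructed example: scope-based permission on ABC for modify and execute only",
      "type": "scope",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"ABC\"]",
        "scopes": "[\"modify\",\"execute\"]",
        "applyPolicies": "[\"Operator Policy\"]"
      }
    }
  ]
}
```

Comparing this against the client's own authorization export shows whether the single permission is scope-based (not resource-based, which would cover read as well) and whether it actually references the role policy; with this configuration the evaluation tool should return PERMIT for user XYZ on ABC with scopes modify and execute only if XYZ holds the realm role Operator, and DENY for read.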