Keycloak: resource role-based access management issue

Input data:

  • eureka (localhost:8761)
  • spring boot cloud gateway service with keycloak (localhost:8765)
  • developer resource service (localhost:8082)
  • keycloak (localhost:8080)


  • created realm
  • created client with auth ON
  • created 2 users with 2 different roles: developer and manager
  • created 1 resource for path /developer/** (it’s a prefix for my developer-service endpoint)
  • created role-based policy for role=developer (required!)
  • created resource permission based on policy above

in browser making request


logging in as manager !!!

access denied

200 with response = list of developers

Have I missed something? Is this role permission filtration inside of Keycloak already? I have already watched several videos and posts; some of them are based on the front-end keycloak-js lib and filtration, and backend @RolesAllowed. I’m just curious if it’s possible to block the request just using the Keycloak admin console?