Keycloak: resource rolebased acccess management issue

Input data:

  • eureka (localhost:8761)
  • spring boot cloud gateway service with keycloak (localhost:8765)
  • developer resource service (localhost:8082)
  • kecloak (localhost:8080)

Keycloak:

  • created realm
  • created client with auth ON
  • created 2 users with 2 different roles: developer and manager
  • created 1 resource for path /developer/** (it’s a prefix for my developer-service endpoint)
  • created role based policy for role=developer (required!)
  • created resource permission based on policy above

Case:
in browser making request

http://localhost:8765/developer/developers

logging in as manager !!!

EXPECTED:
access denied

ACTUAL:
200 with response = list of developers

QUESTION:
have i missed something ? Is this role permission filtration inside of keacloak already? Have already watched several videos and posts, some of them are based on front-end keycloak-js lib and filtration, backend @RolesAllowed. I’m just curious if it’s possible to block the request just using the keycloak admin console?