Need to implement Authorization for my Use Case

There are 5 types of entity we have in our system

  1. owner
  2. sub-owner
  3. manager
  4. staff
  5. cashier

Assume the owner gets logged in to keycloak with role owner, now owner has 4 outlets for his business

Owner create one user name John now owner wanted to give permission to John on each outlet level


John will be manager for outlet_1
John will be cashier for outlet_2
John will be staff for outlet_3
John will be sub-owner for outlet_4

So now we are not able to identify which authorization approach we should follow in keycloak to achieve this use case

Can you use Groups to organize your users into Outlets?

I was thinking of trying to use ABAC approach, so I can use authorization