Hi
How many resources can Keycloak support in authorization?
We already use resource based authorization to protect Rest urls and that work fine.
I wanted to extend it and specify what data the user can access to.
I have created 300 roles and added 6k resources with a a single permission each and 3 role based policies each. Resource has no URL, no scope - I simply want to grant access based on a role.
The authentication response time (on laptop) went from 100ms to 1min. And this is for a user that has none of those 300 roles assigned.
Our goal would be to support 600K of resources. Other questions in this forum talk about millions of resources. Is it even feasable?
Any performance test available for resource-based authorization?
I have created an SQL script to populate postgres db, as import via api or import tool has very poor performance. Can share a file if interested.
Running v.17
In Postgress DB logs I see 2 queries for each Resource and 1 query for each permission. So thats 3 queries for each resource * 6.000 resources = 18.000 db queries - insane???
In this specific case a more reasonable approach would be to first to check what policy pass (a single query for role based check) and then see what resources are related to that policy - that would be a dozen of queries at most.