Hi everyone, I am new to Keycloak. My system has many microservices like Grafana, pgAdmin and some other web services. I'm using Docker Swarm and a Traefik reverse proxy. I want to protect these services and also restrict user access, so I set up a Traefik ForwardAuth to route user requests to OAuth. Then they can sign in to Keycloak for authentication.
Currently, everyone in the organization can access all services with a Gmail account. I want to restrict them so that person A can only access Grafana, person B can access pgAdmin and person C can have full access to all services. I am thinking about roles in Keycloak, so that I can create user groups: grafana-user, pgadmin-user, admin. I also create some user roles for a specific service, like admin, guest, editor.
How can I implement these things for checking user permissions? I saw that we have a Keycloak Gatekeeper, but as someone said, it is similar to OAuth2. Or do I have to implement an adapter service for it?
Any suggestions are welcome.
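
The per-service group check described in the post, sketched as the decision function of a ForwardAuth adapter. This is an added example, not part of the original post and not Keycloak or Traefik code. It assumes the hostnames shown (constructed), a `groups` claim in the token (the claim name is an assumption), and that the claims come from a token whose signature, issuer, audience and expiry were already verified.

```python
# Added example: authorization decision for a Traefik ForwardAuth adapter.
# Assumptions (not from the post): the hostnames, the "groups" claim name,
# and that `claims` were taken from an already verified Keycloak token.

# Constructed mapping: service hostname -> groups allowed to reach it.
SERVICE_GROUPS = {
    "grafana.example.internal": {"grafana-user"},
    "pgadmin.example.internal": {"pgadmin-user"},
}
FULL_ACCESS_GROUP = "admin"  # group from the post with access to every listed service


def normalize_groups(claims):
    """Return group names from the claim, stripping a leading '/' (group path form)."""
    raw = claims.get("groups", [])
    if not isinstance(raw, list):
        return set()  # malformed claim: treat as no groups
    return {g.lstrip("/") for g in raw if isinstance(g, str)}


def normalize_host(forwarded_host):
    """Lower-case the host and drop any port so the lookup is an exact match."""
    host = (forwarded_host or "").strip().lower()
    return host.rsplit(":", 1)[0] if ":" in host else host


def authorize(forwarded_host, claims):
    """Return the HTTP status the ForwardAuth endpoint should answer with.

    `forwarded_host` is the X-Forwarded-Host value Traefik sends. A 200 lets
    Traefik forward the request; 403 blocks it. Hosts missing from the map
    are denied, so a newly added service is not open by default.
    """
    allowed = SERVICE_GROUPS.get(normalize_host(forwarded_host))
    if allowed is None:
        return 403
    groups = normalize_groups(claims)
    if FULL_ACCESS_GROUP in groups or groups & allowed:
        return 200
    return 403
```
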