keycloak-scim/authorization_services/topics/policy-role-policy-required-role.adoc

[[_policy_rbac_required]]
= Defining a Role as Required

When creating a role-based policy, you can specify a specific role as `Required`. When you do that, the policy will grant access
only if the user requesting access has been granted *all* the *required* roles. Both realm and client roles can be configured as such.

.Example of Required Role
image:{project_images}/policy/create-role.png[alt="Example of Required Role"]

To specify a role as required, select the `Required` checkbox for the role you want to configure as required.

Required roles can be useful when your policy defines multiple roles but only a subset of them are mandatory. In this case, you can combine realm and client roles to enable an
even more fine-grained role-based access control (RBAC) model for your application. For example, you can have policies specific for a client and require a specific client role associated with that client. Or you can enforce that access is granted only in the presence of a specific realm role. You can also combine both approaches within the same policy.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_policy_rbac_required]]`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`= Defining a Role as Required`
Updating role policy and adding more doc 2016-07-28 16:45:07 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			When creating a role-based policy, you can specify a specific role as `Required`. When you do that, the policy will grant access
			`only if the user requesting access has been granted all the required roles. Both realm and client roles can be configured as such.`
Updating role policy and adding more doc 2016-07-28 16:45:07 +00:00
			`.Example of Required Role`
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`image:{project_images}/policy/create-role.png[alt="Example of Required Role"]`
Updating role policy and adding more doc 2016-07-28 16:45:07 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			To specify a role as required, select the `Required` checkbox for the role you want to configure as required.
Updating role policy and adding more doc 2016-07-28 16:45:07 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Required roles can be useful when your policy defines multiple roles but only a subset of them are mandatory. In this case, you can combine realm and client roles to enable an`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`even more fine-grained role-based access control (RBAC) model for your application. For example, you can have policies specific for a client and require a specific client role associated with that client. Or you can enforce that access is granted only in the presence of a specific realm role. You can also combine both approaches within the same policy.`