keycloak-scim/authorization_services/topics/permission/create-scope.adoc

36 lines
1.4 KiB
Text
Raw Normal View History

2016-11-29 15:30:53 +00:00
[[_permission_create_scope]]
2016-12-02 15:25:43 +00:00
=== Creating Scope-Based Permissions
A scope-based permission defines a set of one or more scopes to protect using a set of one or more authorization policies. Unlike resource-based permissions, you can use this permission type to create permissions not only for a resource, but also for the scopes associated with it, providing more granularity when defining the permissions that govern your resources and the actions that can be performed on them.
2016-06-05 22:17:31 +00:00
To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.
.Add Scope-Based Permission
2017-01-05 16:54:31 +00:00
image:../../{{book.images}}/permission/create-scope.png[alt="Add Scope-Based Permission"]
==== Configuration
2016-06-05 22:17:31 +00:00
* *Name*
+
A human-readable and unique string describing the permission. A best practice is to use names that are closely related to your business and security requirements, so you
can identify them more easily.
2016-06-05 22:17:31 +00:00
+
* *Description*
+
A string containing details about this permission.
2016-06-05 22:17:31 +00:00
+
* *Resource*
+
Restricts the scopes to those associated with the selected resource. If none is selected, all scopes are available.
2016-06-05 22:17:31 +00:00
+
* *Scopes*
+
Defines a set of one or more scopes to protect.
2016-06-05 22:17:31 +00:00
* *Apply Policy*
+
Defines a set of one or more policies to associate with a permission.
2016-06-05 22:17:31 +00:00
* *Decision Strategy*
+
2016-11-29 15:30:53 +00:00
The <<fake/../decision-strategy.adoc#_permission_decision_strategies, Decision Strategy>> for this permission.