31 lines
1.3 KiB
Text
31 lines
1.3 KiB
Text
|
== Managing Policies
|
||
|
|
||
|
As mentioned before, policies define the conditions that must satisfied before granting access to a set of one or more resources.
|
||
|
|
||
|
Keycloak provides some built-in implementations that you can use to create from the most simple to the more complex policy using different access control mechanisms.
|
||
|
|
||
|
* *User-Based Policy*
|
||
|
+
|
||
|
Defines that only a set of one or more users are allowed to access a protected resource.
|
||
|
+
|
||
|
* *Role-Based Policy*
|
||
|
+
|
||
|
Defines that only a set of one or more roles are allowed to access a protected resource.
|
||
|
+
|
||
|
* *Time-Based Policy*
|
||
|
Defines that access to a protected resource is granted depending on time conditions.
|
||
|
+
|
||
|
* *Javascript-Based Policy*
|
||
|
+
|
||
|
A type of <literal>rule-based access control</literal> where you can use Javascript to write the policy conditions. With this policy
|
||
|
you have great flexibility to define from the more simple to most complex conditions.
|
||
|
+
|
||
|
* *Drools-Based Policy*
|
||
|
+
|
||
|
A type of <literal>rule-based access control</literal> where you can use JBoss Drools to define your policies. Here you can package policies as Maven artifacts
|
||
|
and get all the benefits of the rule engine provided by JBoss Drools.
|
||
|
+
|
||
|
* *Aggregated Policy*
|
||
|
+
|
||
|
Allows you to combine different policies into a single one. With this policy you can reuse existing policies and derive policies from them
|
||
|
accordingly with your requirements.
|