keycloak-scim/authorization_services/topics/policy-group-policy-extend-children.adoc

[[_policy_group_extend_access_children]]
= Extending Access to Child Groups

By default, when you add a group to this policy, access restrictions will only apply to members of the selected group.

Under some circumstances, it might be necessary to allow access not only to the group itself but to any child group in the hierarchy. For any group
added you can mark a checkbox *Extend to Children* in order to extend access to child groups.

.Extending Access to Child Groups
image:{project_images}/policy/create-group-extend-children.png[alt="Extending Access to Child Groups"]

In the example above, the policy is granting access for any user member of *IT* or any of its children.
Group policy docs and minor fixes to summary 2017-09-22 18:23:59 +00:00			`[[_policy_group_extend_access_children]]`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`= Extending Access to Child Groups`
Group policy docs and minor fixes to summary 2017-09-22 18:23:59 +00:00
			`By default, when you add a group to this policy, access restrictions will only apply to members of the selected group.`

			`Under some circumstances, it might be necessary to allow access not only to the group itself but to any child group in the hierarchy. For any group`
			`added you can mark a checkbox Extend to Children in order to extend access to child groups.`

			`.Extending Access to Child Groups`
			`image:{project_images}/policy/create-group-extend-children.png[alt="Extending Access to Child Groups"]`

			`In the example above, the policy is granting access for any user member of IT or any of its children.`