13 lines
1,022 B
Text
13 lines
1,022 B
Text
|
== Defining a Role as Required
|
||
|
|
|
||
|
|
When creating a role-based policy, you may mark a specific role as `Required`. When you do that, the policy will only grant access
|
||
|
|
if the user asking for access is granted with *all* the *required* roles. Both realm and client roles can be configured as such.
|
||
|
|
|
||
|
|
.Example of Required Role
|
||
|
|
image:../../images/policy/create-role.png[alt="Example of Required Role"]
|
||
|
|
|
||
|
|
To mark a role as required, just mark the `Required` checkbox on the corresponding role you want configure as required.
|
||
|
|
|
||
|
|
Required roles can be very handy when your policy defines multiple roles but only a subset of them are mandatory. In this case, you can mix realm and client roles to enable an
|
||
|
|
even more fine-grained RBAC model to your application. For instance, you may have policies specific for a client and require a specific a client role associated with that client. Or you can just
|
||
|
|
enforce that access is only granted based on the presence of a specific realm role. Or even have both approaches within the same policy.
|