keycloak-scim/topics/permission/create-scope.adoc

[[_permission_create_scope]]
=== Creating Scope-Based Permissions

A scope-based permission defines a set of one or more scopes to protect using a set of one or more authorization policies. Unlike resource-based permissions, you can use this permission type to create permissions not only for a resource, but also for the scopes associated with it, providing more granularity when defining the permissions that govern your resources and the actions that can be performed on them.

To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.

.Add Scope-Based Permission
image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]

==== Configuration

* *Name*
+
A human-readable and unique string describing the permission. A best practice is to use names that are closely related to your business and security requirements, so you
can identify them more easily.
+
* *Description*
+
A string containing details about this permission.
+
* *Resource*
+
Restricts the scopes to those associated with the selected resource. If none is selected, all scopes are available.
+
* *Scopes*
+
Defines a set of one or more scopes to protect.

* *Apply Policy*
+
Defines a set of one or more policies to associate with a permission.

* *Decision Strategy*
+
The <<fake/../decision-strategy.adoc#_permission_decision_strategies, Decision Strategy>> for this permission.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_permission_create_scope]]`
Updating titles to match summary 2016-12-02 15:25:43 +00:00			`=== Creating Scope-Based Permissions`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`A scope-based permission defines a set of one or more scopes to protect using a set of one or more authorization policies. Unlike resource-based permissions, you can use this permission type to create permissions not only for a resource, but also for the scopes associated with it, providing more granularity when defining the permissions that govern your resources and the actions that can be performed on them.`
More doc 2016-06-05 22:17:31 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`To create a new scope-based permission, select Scope-based in the dropdown list in the upper right corner of the permission listing.`
More screenshots. Reviewing getting started tutorials. 2016-06-14 23:50:50 +00:00
			`.Add Scope-Based Permission`
			`image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]`

RHSSO-599, 598: fix headers and remaining links issues 2016-12-01 14:32:11 +00:00			`==== Configuration`
More doc 2016-06-05 22:17:31 +00:00
			`* Name`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`A human-readable and unique string describing the permission. A best practice is to use names that are closely related to your business and security requirements, so you`
			`can identify them more easily.`
More doc 2016-06-05 22:17:31 +00:00			`+`
			`* Description`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`A string containing details about this permission.`
More doc 2016-06-05 22:17:31 +00:00			`+`
			`* Resource`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Restricts the scopes to those associated with the selected resource. If none is selected, all scopes are available.`
More doc 2016-06-05 22:17:31 +00:00			`+`
			`* Scopes`
			`+`
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn. 2016-09-09 03:53:39 +00:00			`Defines a set of one or more scopes to protect.`
More doc 2016-06-05 22:17:31 +00:00
			`* Apply Policy`
			`+`
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn. 2016-09-09 03:53:39 +00:00			`Defines a set of one or more policies to associate with a permission.`
More doc 2016-06-05 22:17:31 +00:00
			`* Decision Strategy`
			`+`
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`The <<fake/../decision-strategy.adoc#_permission_decision_strategies, Decision Strategy>> for this permission.`