keycloak-scim/topics/permission/create-scope.adoc

37 lines
1.4 KiB
Text
Raw Normal View History

2016-07-26 21:34:49 +00:00
== Creating Scope-based Permissions
2016-06-08 12:32:31 +00:00
A Scope-based permission defines a set of one or more scopes to protect using a set of one or more authorization policies. Unlike the resource-based permissions, this permission type
allows you to create permissions not only for a resource, but also for the scopes associated with it, providing more granularity when defining the permissions that govern your resources and the
2016-06-05 22:17:31 +00:00
actions that can be performed on them.
To create a new permission select the option *Scope-based* in the dropdown located in the right upper corner of the permission listing.
.Add Scope-Based Permission
image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]
=== Configuration
2016-06-05 22:17:31 +00:00
* *Name*
+
A human-readable and unique string describing the permission. We strongly suggest you to use names that are closely related with your business and security requirements, so you
can identify them more easily and also know what they actually mean
+
* *Description*
+
A string with more details about this permission
+
* *Resource*
+
Restrict the scopes to those associated with the selected resource. If not selected all scopes would be available
+
* *Scopes*
+
Defines a set of one or more scopes to protect
* *Apply Policy*
+
Defines a set of one or more policies to associate with a permission
* *Decision Strategy*
+
The link:decision-strategy.html[Decision Strategy] for this permission