keycloak-scim/docs/documentation/authorization_services/topics/resource-server-default-config.adoc

[[_resource_server_default_config]]
= Default Configuration

When you create a resource server, {project_name} creates a default configuration for your newly created resource server.

The default configuration consists of:

* A default protected resource representing all resources in your application.
* A policy that always grants access to the resources protected by this policy.
* A permission that governs access to all resources based on the default policy.

The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.

.Default resource
image:images/resource-server/default-resource.png[alt="Default resource"]

This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
wildcard pattern that indicates to {project_name} that this resource represents all the paths in your application. In other words,
when enabling policy enforcement for your application, all the permissions associated with the resource
will be examined before granting access.

The `Type` mentioned previously defines a value that can be used to create <<_permission_typed_resource, typed resource permissions>> that must be applied
to the default resource or any other resource you create using the same type.

The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.

.Default policy
image:images/resource-server/default-policy.png[alt="Default policy"]

This policy is a <<_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:

```js
// by default, grants any permission associated with this policy
$evaluation.grant();
```

Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.

.Default Permission
image:images/resource-server/default-permission.png[alt="Default Permission"]

This permission is a <<_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.

== Changing the default configuration

You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own.

The default resource is created with a **URI** that maps to any resource or path in your application using a **/*** pattern. Before creating your own resources, permissions and policies, make
sure the default configuration doesn't conflict with your own settings.

[NOTE]
The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the *Default Resource* or change its ```URIS``` fields to a more specific paths in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow {project_name} to grant access to any protected resource.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_resource_server_default_config]]`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`= Default Configuration`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`When you create a resource server, {project_name} creates a default configuration for your newly created resource server.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`The default configuration consists of:`

			`* A default protected resource representing all resources in your application.`
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn. 2016-09-09 03:53:39 +00:00			`* A policy that always grants access to the resources protected by this policy.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`* A permission that governs access to all resources based on the default policy.`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`The default protected resource is referred to as the default resource and you can view it if you navigate to the Resources tab.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`.Default resource`
Preparing Securing Apps and Authorization Services Guide for RHBK (#1684) Closes #1682 2022-10-13 20:14:20 +00:00			`image:images/resource-server/default-resource.png[alt="Default resource"]`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`wildcard pattern that indicates to {project_name} that this resource represents all the paths in your application. In other words,`
Move documentation to keycloak-client Closes #31870 Signed-off-by: rmartinc <rmartinc@redhat.com> 2024-08-19 07:48:48 +00:00			`when enabling policy enforcement for your application, all the permissions associated with the resource`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`will be examined before granting access.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			The `Type` mentioned previously defines a value that can be used to create <<_permission_typed_resource, typed resource permissions>> that must be applied
Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			`to the default resource or any other resource you create using the same type.`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`The default policy is referred to as the only from realm policy and you can view it if you navigate to the Policies tab.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`.Default policy`
Preparing Securing Apps and Authorization Services Guide for RHBK (#1684) Closes #1682 2022-10-13 20:14:20 +00:00			`image:images/resource-server/default-policy.png[alt="Default policy"]`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`This policy is a <<_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			```js
Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			`// by default, grants any permission associated with this policy`
			`$evaluation.grant();`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			```

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Lastly, the default permission is referred to as the default permission and you can view it if you navigate to the Permissions tab.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`.Default Permission`
Preparing Securing Apps and Authorization Services Guide for RHBK (#1684) Closes #1682 2022-10-13 20:14:20 +00:00			`image:images/resource-server/default-permission.png[alt="Default Permission"]`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`This permission is a <<_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`== Changing the default configuration`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
Update default-config.adoc 2017-03-14 07:15:30 +00:00			`You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own.`

Fix minor typos in the 'Authorization Services' guide (#1700) 2022-10-19 06:33:25 +00:00			`The default resource is created with a URI that maps to any resource or path in your application using a /* pattern. Before creating your own resources, permissions and policies, make`
Group policy docs and minor fixes to summary 2017-09-22 18:23:59 +00:00			`sure the default configuration doesn't conflict with your own settings.`

Update default-config.adoc 2017-03-14 07:15:30 +00:00			`[NOTE]`
KEYCLOAK-7269 Resource is now configurable with multiple URIS instead of one 2018-07-16 08:25:03 +00:00			The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the Default Resource or change its ```URIS``` fields to a more specific paths in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow {project_name} to grant access to any protected resource.