From d1b05ff0cec8ec72abf1c2cabf728ef21768f71e Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Thu, 13 Jun 2019 15:02:49 -0300 Subject: [PATCH] [KEYCLOAK-10443] - Define a global decision strategy for resource servers --- .../topics/resource-server-enable-authorization.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/authorization_services/topics/resource-server-enable-authorization.adoc b/authorization_services/topics/resource-server-enable-authorization.adoc index 61ab0f7739..e6856bbae0 100644 --- a/authorization_services/topics/resource-server-enable-authorization.adoc +++ b/authorization_services/topics/resource-server-enable-authorization.adoc @@ -62,6 +62,10 @@ Requests are allowed even when there is no policy associated with a given resour + Disables the evaluation of all policies and allows access to all resources. + +* *Decision Strategy* ++ +This configurations changes how the policy evaluation engine decides whether or not a resource or scope should be granted based on the outcome from all evaluated permissions. `Affirmative` means that at least one permission must evaluate to a positive decision in order grant access to a resource and its scopes. `Unanimous` means that all permissions must evaluate to a positive decision in order for the final decision to be also positive. As an example, if two permissions for a same resource or scope are in conflict (one of them is granting access and the other is denying access), the permission to the resource or scope will be granted if the choosen strategy is `Affirmative`. Otherwise, a single deny from any permission will also deny access to the resource or scope. ++ * *Remote Resource Management* + Specifies whether resources can be managed remotely by the resource server. If false, resources can be managed only from the administration console. \ No newline at end of file