[[_resource_server_default_config]] === Default Configuration When you create a resource server, {{book.project.name}} creates a default configuration for your newly created resource server. The default configuration consists of: * A default protected resource representing all resources in your application. * A policy that always grants access to the resources protected by this policy. * A permission that governs access to all resources based on the default policy. The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab. .Default Resource image:../../{{book.images}}/resource-server/default-resource.png[alt="Default Resource"] This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words, when enabling <> for your application, all the permissions associated with the resource will be examined before granting access. The `Type` mentioned previously defines a value that can be used to create <> that must be applied to the default resource or any other resource you create using the same type. The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab. .Default Policy image:../../{{book.images}}/resource-server/default-policy.png[alt="Default Policy"] This policy is a <> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows: ```js // by default, grants any permission associated with this policy $evaluation.grant(); ``` Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab. .Default Permission image:../../{{book.images}}/resource-server/default-permission.png[alt="Default Permission"] This permission is a <>, defining a set of one or more policies that are applied to all resources with a given type. ==== Changing the Default Configuration You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own. [NOTE] The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the *Default Resource* or change its ```URI``` field to a more specific path in your application. Otherwise, the policy associated with the default resource (which by default is always granting access) will make Keycloak grant access to any protected resource.