New proposal to introduce Namespaced Roles


Daniel Gozalo Barquilla

Sep 30, 2021, 1:39:06 PM
to Keycloak Dev
Hi everyone,

I've just created a new proposal to have namespaced roles in Keycloak. This feature will tie in with the Dynamic Scopes / Rich Authorization Requests feature(s), giving users more flexibility on how to define/assign/reference roles in a specific context.


As always, feedback is welcome so we can polish any rough edges in the initial proposal.

Regards,
Daniel.

Daniel Gozalo

Principal Software Engineer

dgoz...@redhat.com


Daniel Gozalo Barquilla

Oct 14, 2021, 6:50:23 AM
to Keycloak Dev
Hi,

I've updated the Namespaced Roles proposal to include some new use cases and changes.

The whole idea of this proposal is to enhance the way we define roles in Keycloak, adding a namespace that can be leveraged for different uses:

- They will be used to scope management roles to specific realms so Keycloak can avoid creating redundant clients whose only purpose is to group management roles together.
- They can also be used to define fine-grained permissions both for Keycloak internal management and for user-defined roles.
- Another thing we wanted to allow was to assign a role in the context of an entity. With the current implementation, everyone in a group has the same role because it's inherited from the group. With the new implementation, a user can have a role per group which is different from the rest of the users.
- Lastly, it will allow users to define their own role hierarchy that matches their business needs and decide how to map them to token claims more easily.

Again, this is the PR for this proposal: https://github.com/keycloak/keycloak-community/pull/318 and the GitHub discussion around the proposal: https://github.com/keycloak/keycloak/discussions/8516.

I'm looking forward to getting some feedback from the community.

Regards,
Daniel.

Daniel Gozalo

Principal Software Engineer

dgoz...@redhat.com


