fiware-idm

Redundancy of adding role id for each permission under Advanced XACML Rule

Open hebbarguru2 opened this issue 2 years ago • 1 comments

I'm trying to use Keyrock + Wilma + Authzforce for the security of FIWARE APIs, and after creating a new role under a given application and creating a new permission for the created role, why is it necessary to add the role id manually in the XACML? Shouldn't the workflow be, for a role, there will be a set of permissions, and hence role ids are redundant to be set for each permission manually?

Example: Application Fiware-test with appid (App-1234)

  • Create new Role with Role Name Company1User
  • Create permission with name GetCompany1Entities and in the XACML rule, check v2/entities resource and fiware-service headers.

In the above example, if the role id is not mentioned in the XACML, then any user with a valid token can access the resource mentioned above. But since the permission GetCompany1Entities is under Company1User Roles, shouldn't the permission be automatically assigned to users with Company1User Roles?

hebbarguru2, Jun 21 '22 12:06

Hey there,

I have the same question. When you create a permission you have to state a roleID in the permission. To me, that does not make any sense since the permissions should stand for themselves and roles should rather comprise a set of permissions.

SBlechmann, Jul 18 '22 07:07
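One way to audit for the behaviour described in this thread, where a permission whose XACML rule names no role id applies to any user with a valid token. This is an added example, not code from the thread or from Keyrock. It assumes the role is matched through the standard XACML subject role attribute `urn:oasis:names:tc:xacml:2.0:subject:role`; the rule XML, the role id and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_URI = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
X = "{" + NS_URI + "}"
STR = "http://www.w3.org/2001/XMLSchema#string"
# Assumption: roles arrive in the standard XACML RBAC-profile subject attribute.
ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"

def role_ids_required(rule_xml):
    """Return the role ids a <Rule> compares against the subject's roles."""
    found = set()
    for node in ET.fromstring(rule_xml).iter():
        # A comparison is a <Match> (Target) or <Apply> (Condition) that has a
        # literal <AttributeValue> and an <AttributeDesignator> as children.
        if node.tag not in (X + "Match", X + "Apply"):
            continue
        designators = node.findall(X + "AttributeDesignator")
        if any(d.get("AttributeId") == ROLE_ATTR for d in designators):
            found.update((v.text or "").strip() for v in node.findall(X + "AttributeValue"))
    return found - {""}

def lint(rule_xml, expected_role_id):
    """Heuristic only: checks that a role comparison exists, not the full rule logic."""
    roles = role_ids_required(rule_xml)
    if not roles:
        return "UNSCOPED"      # no role match: rule is not tied to any role
    return "OK" if expected_role_id in roles else "WRONG_ROLE"

# Constructed sample rule for the GetCompany1Entities permission from the issue.
TARGET = f'''<Target><AnyOf><AllOf>
  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
    <AttributeValue DataType="{STR}">v2/entities</AttributeValue>
    <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
      AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="{STR}" MustBePresent="true"/>
  </Match></AllOf></AnyOf></Target>'''
CONDITION = f'''<Condition><Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
  <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
  <AttributeValue DataType="{STR}">role-0000-placeholder</AttributeValue>
  <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
    AttributeId="{ROLE_ATTR}" DataType="{STR}" MustBePresent="false"/>
</Apply></Condition>'''

def make_rule(with_role):
    condition = CONDITION if with_role else ""
    return f'<Rule xmlns="{NS_URI}" RuleId="GetCompany1Entities" Effect="Permit">{TARGET}{condition}</Rule>'

if __name__ == "__main__":
    print(lint(make_rule(False), "role-0000-placeholder"))
    print(lint(make_rule(True), "role-0000-placeholder"))
```
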