xgp
commented
2 weeks ago I have a use case where I want to let admins in my organization create roles dynamically from my front-end application and map pre-defined application permissions to those roles.
A user with the organization roles manage-roles can do that.
It seems this is not supported currently since, I'm not able to associate attributes with organization roles.
I don't understand why attributes are related to an admin being able to create roles.
Sadly now I'm afraid that if I don't have any workaround with this issue of dynamic authorization, I'll have to build something on my own.
Keycloak 25 itself now has an organization feature, largely copied from this one. If you're building a new project, I'd suggest starting with that https://www.keycloak.org/docs/latest/server_admin/index.html#_managing_organizations_
youssefbennour
I have a use case where I want to let admins in my organization create roles dynamically from my front-end application and map pre-defined application permissions to those roles. It seems this is not supported currently since, I'm not able to associate attributes with organization roles. 1 - Do you have any other workaround to implement this feature ? 2 - Are there any reason why, organization roles didn't include attributes (like client roles) ? At first, I was going to implement this cross-user multi-tenancy scenario by myself with keycloak (with those clients and groups hacks), after I found out about your extension I was so happy that I won't do that. Sadly now I'm afraid that if I don't have any workaround with this issue of dynamic authorization, I'll have to build something on my own.