Permissions by resources and scopes¶
Next to Permissions by roles you can also implement permissions by syncing Django models as resources in Keycloak and the default permissions in Django as scopes in Keycloak.
Setup¶
To configure Django Keycloak to make use of the Resource / Scope method of permission assigning add the following setting:
# your-project/settings.py
KEYCLOAK_PERMISSIONS_METHOD = 'resource'
Synchronization¶
In Keycloak enable “Remote Resource Management” for the client:
You can use the Django Admin action “Synchronize models as Keycloak resources” to synchronize models and scopes to Keycloak.
An alternative is to run the Django management command keycloak_sync_resources:
$ python manage.py keycloak_sync_resources
Optionally you can supply a client to which the resources should be synchronized.
Usage¶
After synchronizing you can find the the models as resources and the default permissions as scopes:
Resources:
Scopes:
From here you are able to configure your policies and permissions and assign them to users of groups using roles in Keycloak. Once assigned you get them back as permissions in Django where the policies are combined with the resources just like you are used to in the default Django permission system i.e. foo.add_bar or foo.change_bar.