How are Keycloak roles managed?


Problem description

Keycloak is a great tool, but it lacks proper documentation.

So we have Realm.roles, Client.roles and User.roles

How do these 3 work together when accessing an application using a specific client?

Regards

Recommended answer

In KeyCloak we have those 3 roles:

  1. Realm Role
  2. Client Role
  3. Composite Role

There are no User Roles in KeyCloak. You most likely confused that with User Role Mapping, which is basically mapping a role (realm, client, or composite) to the specific user.

In order to find out how these roles actually work, let's first take a look at a simple Realm model I created. As you can see in the picture below, every Realm has one or multiple Clients. And every Client can have multiple Users attached to it.

Now from this it should be easy to conclude how role mappings work.

Realm Role: It is a global role, belonging to that specific realm. You can access it from any client and map to any user. Ex Role: 'Global Admin, Admin'

Client Role: It is a role which belongs only to that specific client. You cannot access that role from a different client. You can only map it to the Users from that client. Ex Roles: 'Employee, Customer'

Composite Role: It is a role that has one or more roles (realm or client ones) associated to it.
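
An added example, not part of the original answer: a small Python model of how user role mappings, composite roles and the realm/client split combine into the roles an application checks. The role, client and user names are constructed, and the `realm_access` / `resource_access` claim layout is assumed to be Keycloak's default access-token layout; client scope settings that can filter which roles reach the token are not modeled.

```python
# Constructed model of one realm; all role, client and user names are examples.
# Roles are (container, name) pairs: container None means a realm role,
# otherwise it is the client the role belongs to.
COMPOSITES = {  # composite role -> roles associated with it
    (None, "global-admin"): {(None, "admin"), ("shop", "employee")},
}
USER_ROLE_MAPPINGS = {  # user -> roles mapped directly to that user
    "alice": {(None, "global-admin")},
    "bob": {("shop", "customer")},
}

def effective_roles(user):
    """Expand a user's direct role mappings through composite roles."""
    seen, stack = set(), list(USER_ROLE_MAPPINGS.get(user, ()))
    while stack:
        role = stack.pop()
        if role in seen:
            continue  # already expanded; also stops cyclic composites
        seen.add(role)
        stack.extend(COMPOSITES.get(role, ()))
    return seen

def token_claims(user):
    """Lay the roles out under realm_access / resource_access (assumed claim names)."""
    claims = {"realm_access": {"roles": []}, "resource_access": {}}
    for container, name in sorted(effective_roles(user), key=lambda r: (r[0] or "", r[1])):
        if container is None:
            claims["realm_access"]["roles"].append(name)
        else:
            entry = claims["resource_access"].setdefault(container, {"roles": []})
            entry["roles"].append(name)
    return claims

def has_realm_role(claims, role):
    return role in claims.get("realm_access", {}).get("roles", [])

def has_client_role(claims, client_id, role):
    # Only look at this client's own entry; roles of other clients do not count.
    return role in claims.get("resource_access", {}).get(client_id, {}).get("roles", [])

if __name__ == "__main__":
    alice = token_claims("alice")
    print(alice)
    print(has_client_role(alice, "shop", "employee"), has_client_role(alice, "billing", "employee"))
```

Keeping the realm-role check and the client-role check separate avoids treating a client role as a realm role (or another client's role as your own) when two roles share a name.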
