keycloak.authorization
¶
Submodules¶
Package Contents¶
Classes¶
Consider this simple and very common permission: |
|
A policy defines the conditions that must be satisfied to grant access to an object. |
|
Roles identify a type or category of user. Admin, user, |
|
Keycloak Authorization (policies, roles, scopes and resources). |
- class keycloak.authorization.Permission(name, type, logic, decision_strategy)[source]¶
Consider this simple and very common permission:
A permission associates the object being protected with the policies that must be evaluated to determine whether access is granted.
X CAN DO Y ON RESOURCE Z
where
- X represents one or more users, roles, or groups, or a combination of them. You can
also use claims and context here.
Y represents an action to be performed, for example, write, view, and so on.
Z represents a protected resource, for example, “/accounts”.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/permission/overview.html
- __repr__(self)¶
Return repr(self).
- __str__(self)¶
Return str(self).
- property name(self)¶
- property type(self)¶
- property logic(self)¶
- property decision_strategy(self)¶
- property resources(self)¶
- property scopes(self)¶
- class keycloak.authorization.Policy(name, type, logic, decision_strategy)[source]¶
A policy defines the conditions that must be satisfied to grant access to an object. Unlike permissions, you do not specify the object being protected but rather the conditions that must be satisfied for access to a given object (for example, resource, scope, or both). Policies are strongly related to the different access control mechanisms (ACMs) that you can use to protect your resources. With policies, you can implement strategies for attribute-based access control (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html
- __repr__(self)¶
Return repr(self).
- __str__(self)¶
Return str(self).
- property name(self)¶
- property type(self)¶
- property logic(self)¶
- property decision_strategy(self)¶
- property roles(self)¶
- property permissions(self)¶
- add_role(self, role)¶
Add keycloak role in policy.
- Parameters
role – keycloak role.
- Returns
- add_permission(self, permission)¶
Add keycloak permission in policy.
- Parameters
permission – keycloak permission.
- Returns
- class keycloak.authorization.Role(name, required=False)[source]¶
Roles identify a type or category of user. Admin, user, manager, and employee are all typical roles that may exist in an organization.
https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html
- property get_name(self)¶
- __eq__(self, other)¶
Return self==value.
- class keycloak.authorization.Authorization[source]¶
Keycloak Authorization (policies, roles, scopes and resources).
https://keycloak.gitbooks.io/documentation/authorization_services/index.html