keycloak.authorization.policy
¶
Keycloak authorization Policy module.
Module Contents¶
Classes¶
Base policy class. |
- class keycloak.authorization.policy.Policy(name, type, logic, decision_strategy)[source]¶
Base policy class.
A policy defines the conditions that must be satisfied to grant access to an object. Unlike permissions, you do not specify the object being protected but rather the conditions that must be satisfied for access to a given object (for example, resource, scope, or both). Policies are strongly related to the different access control mechanisms (ACMs) that you can use to protect your resources. With policies, you can implement strategies for attribute-based access control (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.
https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html
- Parameters:
name (str) – Name
type (str) – Type
logic (str) – Logic
decision_strategy (str) – Decision strategy
- property decision_strategy[source]¶
Get decision strategy.
- Returns:
Decision strategy
- Return type:
str
- add_role(role)[source]¶
Add keycloak role in policy.
- Parameters:
role (keycloak.authorization.Role) – Keycloak role
- Raises:
KeycloakAuthorizationConfigError – In case of misconfigured policy type
- add_permission(permission)[source]¶
Add keycloak permission in policy.
- Parameters:
permission (keycloak.authorization.Permission) – Keycloak permission