How to manage permissions in organization easily?

[jaakkom]

Lets say:

Organization might have a lot of roles like:

-ViewSomenthing
-ManageSomething
-ViewSomenthing2
-ManageSomething2
....

Those are more like "scopes" than roles actually.

Role would be "admin, employee, customer" which should combine some scopes into it. Now have to select all scopes manually for each user.

[jaakkom]

Organization role composition could solve this?

[xgp]

Hi @jaakkom Thanks for the messages. There are 2 things we are considering that are relevant to your ideas.

1. [Discussion] - Decouple roles from organizations - potentially breaking change #48 Potentially decoupling roles from their association with a single organization
2. https://github.com/a8t3r/keycloak-orgs-copy/tree/support-organization-groups Creating "organization groups", which would allow the grouping you're suggesting (e.g. "admin, employee, customer")

Additionally, because we have many people using the extension, we want to have a mechanism of backwards compatibility and/or an easy upgrade path for existing users.

Also, regarding enhancement requests, if you'd like to see something (major) changed, a complete design proposal, or a PR with a complete implementation is the best way to get something into the project. @a8t3r 's groups proposal is a great example.