Prosoft Git

keycloak-uncached

small blurb on composites

2/14/2014 2:30:56 PM
Bill Burke

Bill Burke

Commit: 4dfe1be

Tree: 35e97ad

Parents: a793ad3

Changes

docbook/reference/en/en-US/master.xml 3(+2 -1)

docbook/reference/en/en-US/modules/roles.xml 31(+31 -0)

Details

docbook/reference/en/en-US/master.xml 3(+2 -1) 

diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index 9d73cef..d1d7da6 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -16,6 +16,7 @@
                 <!ENTITY Themes SYSTEM "modules/themes.xml">
                 <!ENTITY Migration SYSTEM "modules/MigrationFromOlderVersions.xml">
                 <!ENTITY Email SYSTEM "modules/email.xml">
+                <!ENTITY Roles SYSTEM "modules/roles.xml">
                 ]>
 
 <book>
@@ -89,7 +90,7 @@
         </para>
         &Email;
     </chapter>
-
+    &Roles;
     &Migration;
 
 </book>

docbook/reference/en/en-US/modules/roles.xml 31(+31 -0) 

diff --git a/docbook/reference/en/en-US/modules/roles.xml b/docbook/reference/en/en-US/modules/roles.xml
new file mode 100755
index 0000000..1dcb89f
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/roles.xml
@@ -0,0 +1,31 @@
+<chapter id="roles">
+    <title>Roles</title>
+    <para>
+        In Keycloak, roles (or permissions) can be defined globally at the realm level, or individually per application.
+        Each role has a name which must be unique at the level it is defined in, i.e. you can have only one "admin" role at
+        the realm level.  You may have that a role named "admin" within an Application too, but "admin" must be unique
+        for that application.
+    </para>
+    <para>
+        The description of a role is displayed in the OAuth Grant page when Keycloak is processing a browser OAuth
+        Grant request.  Look for more features being added here in the future like internationalization and other fine
+        grain options.
+    </para>
+
+    <section>
+        <title>Composite Roles</title>
+        <para>
+            Any realm or application level role can be turned into a Composite Role.  A Composite Role is a role that has
+            one or more additional roles associated with it.  I guess another term for it could be Role Group.
+            When a composite role is mapped to the user, the user gains the permission of that role, plus any other role the
+            composite is associated with.  This association is dynamic.  So, if you add  or remove an associated role from
+            the composite, then all users that are mapped to the composite role will automatically have those permissions
+            added or removed.  Composites can also be used to define Application or OAuth Client scopes.
+        </para>
+        <para>
+            Composite roles can be associated with any type of role Realm or Application.  In the admin console simple
+            flip the composite switch in the Role detail, and you will get a screen that will allow you to associate roles
+            with the composite.
+        </para>
+    </section>
+</chapter>
\ No newline at end of file

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github