
As a newcomer to Keycloak, I'm encountering an authorization issue that I could use some help with. Specifically, I'm trying to establish a hierarchical authorization system where there are two types of entities, namely "communities" and "members"; each community has a set of members (community -> member).


Here's what I'm looking to achieve: if a user has been granted permission to a particular community (let's say, community with ID 1), he should be able to access that community as well as all its associated members, but not other communities or members. On the other hand, if a user has been granted permission to a specific member, he should be able to access that member and only read the community of this member.


Finally, I would like to enable users to have access to multiple communities and members, as needed. Any suggestions or pointers would be greatly appreciated!

I have tried to make it group-based and RBAC, but I have struggled in making a resource, group, scope, and policy per each record.
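The hierarchical rule described in the question, written out as a small policy evaluator (an added example, not code from the question or from Keycloak). It assumes that each user's direct grants arrive as Keycloak group paths of the hypothetical form `/communities/<id>` and `/members/<id>`, and that the application knows the community -> member hierarchy itself, so only one group per community or member record is needed rather than a resource, scope and policy per record. The community and member IDs are constructed sample data; the expansion rules (a community grant covers the community and all its members, a member grant covers the member plus read-only access to its parent community, anything else is denied) are exactly the ones the question states.

```python
from dataclasses import dataclass

# Constructed sample hierarchy (hypothetical IDs): community -> set of member IDs.
COMMUNITY_MEMBERS = {
    1: {10, 11},
    2: {20},
}
# Reverse index: member -> parent community.
MEMBER_COMMUNITY = {m: c for c, ms in COMMUNITY_MEMBERS.items() for m in ms}

FULL = frozenset({"read", "write"})
READ_ONLY = frozenset({"read"})


@dataclass(frozen=True)
class Grant:
    """A direct grant on one record, e.g. Grant("community", 1)."""
    resource_type: str  # "community" or "member"
    resource_id: int


def grants_from_group_paths(paths):
    """Map hypothetical Keycloak group paths (/communities/1, /members/20) to grants.

    Paths that do not follow the convention are ignored rather than guessed at,
    so an unrelated group can never widen access.
    """
    grants = []
    for path in paths:
        parts = path.strip("/").split("/")
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        if parts[0] == "communities":
            grants.append(Grant("community", int(parts[1])))
        elif parts[0] == "members":
            grants.append(Grant("member", int(parts[1])))
    return grants


def effective_permissions(grants):
    """Expand direct grants into {(type, id): set(scopes)} using the hierarchy."""
    perms = {}

    def allow(rtype, rid, scopes):
        perms.setdefault((rtype, rid), set()).update(scopes)

    for g in grants:
        if g.resource_type == "community":
            # Community grant: the community itself and every member of it.
            allow("community", g.resource_id, FULL)
            for member in COMMUNITY_MEMBERS.get(g.resource_id, ()):
                allow("member", member, FULL)
        elif g.resource_type == "member":
            # Member grant: the member, plus read-only on its parent community.
            allow("member", g.resource_id, FULL)
            parent = MEMBER_COMMUNITY.get(g.resource_id)
            if parent is not None:
                allow("community", parent, READ_ONLY)
        else:
            raise ValueError(f"unknown resource type {g.resource_type!r}")
    return perms


def is_allowed(grants, resource_type, resource_id, scope):
    """Default-deny decision: True only if some grant expands to this scope."""
    return scope in effective_permissions(grants).get((resource_type, resource_id), set())


if __name__ == "__main__":
    user_grants = grants_from_group_paths(["/communities/1", "/members/20", "/staff"])
    for rtype, rid, scope in [("member", 11, "write"), ("community", 2, "read"),
                              ("community", 2, "write")]:
        print(rtype, rid, scope, is_allowed(user_grants, rtype, rid, scope))
```

Because the expansion is computed from the application's own hierarchy, adding a member to a community changes what existing community grants cover without touching anything in Keycloak; the only thing Keycloak has to hold per record is the group (or, equivalently, a user attribute or a single resource) that represents the direct grant.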
