Permission evaluation for resources with many entities

Hi,

I have a service that provides different endpoints. Some endpoints take an id as a parameter. These endpoints provide data of several devices (metadata, sensor data, …).
Each device has an owner. The owners have Keycloak user accounts.
I defined one resource for each endpoint in my Keycloak client for the API. I defined policies, scopes and permissions, too.
A user gets permissions for certain resources based on his role. My problem here is that a user should be able to access a certain endpoint, but only for one or more device IDs - not all. I also won’t define resources in Keycloak for every device. That doesn’t seem to be smart. Maybe my service can evaluate device access after the resource access was given. But how? What if a user grants access to his devices to another user? Is that possible with Keycloak or do I have to solve this completely on my side?
Keycloak is pretty new to me and I’d appreciate some tips or hints to solve this.

Thank you for your time.
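
A sketch of the two-stage check the question describes, added here as an example and not part of the original post: the endpoint-level permission comes from the token, and the per-device decision (ownership or a share granted by the owner) is made in the service. It assumes the token has already been signature-verified and decoded, with permissions shaped like the `authorization.permissions` claim of a Keycloak RPT; the resource names, scope names, user names, device ids and the `DeviceAcl` class are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample claims (already verified and decoded). The permissions
# list follows the shape of a Keycloak RPT's authorization claim; resource
# and scope names are hypothetical.
ALICE_CLAIMS = {"sub": "alice", "authorization": {"permissions": [
    {"rsname": "sensor-data", "scopes": ["read"]},
    {"rsname": "device-metadata", "scopes": ["read"]}]}}
BOB_CLAIMS = {"sub": "bob", "authorization": {"permissions": [
    {"rsname": "sensor-data", "scopes": ["read"]}]}}


@dataclass
class DeviceAcl:
    """Service-side store: who owns each device and who it is shared with."""
    owners: dict = field(default_factory=dict)  # device_id -> owner sub
    shares: dict = field(default_factory=dict)  # device_id -> {sub: scopes}

    def share(self, actor, device_id, grantee, scopes):
        # Only the owner may delegate access to a device.
        if self.owners.get(device_id) != actor:
            raise PermissionError("only the owner can share a device")
        self.shares.setdefault(device_id, {})[grantee] = set(scopes)

    def allows(self, sub, device_id, scope):
        # Owners have full access; everyone else needs an explicit share.
        if self.owners.get(device_id) == sub:
            return True
        return scope in self.shares.get(device_id, {}).get(sub, set())


def endpoint_allowed(claims, resource, scope):
    """Stage 1: coarse check against the one-resource-per-endpoint model."""
    perms = claims.get("authorization", {}).get("permissions", [])
    return any(p.get("rsname") == resource and scope in p.get("scopes", [])
               for p in perms)


def authorize(claims, acl, resource, scope, device_id):
    """Stage 2 runs only after stage 1 passes; unknown devices are denied."""
    if not endpoint_allowed(claims, resource, scope):
        return False
    return acl.allows(claims["sub"], device_id, scope)
```

The device id from the request is checked against the `sub` of the verified token, never against a user id supplied in the request itself.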