Why use Keycloak Authorization?

Keycloak supports fine-grained authorization policies and is able to combine different access control mechanisms such as:

  • Attribute-based access control (ABAC)
  • Dynamic Role-based access control (RBAC) without any Java code changes
  • User-based access control (UBAC)
  • Context-based access control (CBAC)
  • Rule-based access control
    • Using JavaScript
  • Time-based access control

Advantages

  • Decouple authorization from services
  • Dynamic access control model (access to resources can change without changing your source code)
  • Supports UMA
  • Performance – fewer roundtrips to the Keycloak server
  • Fine-grained access thanks to the resource-based approach

UMA Use case

  • Jdoe wants to access Alice’s pictures
  • Jdoe requests access to Alice’s pictures
  • Alice is notified about the request and approves it
  • Jdoe can now access Alice’s pictures
  • Alice can revoke access to her pictures at any time
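
The use case above as a small state model, added here as an illustration and not taken from Keycloak or the original post. The class, method and state names are assumptions; none of them is a Keycloak API.

```python
from dataclasses import dataclass, field

PENDING, GRANTED, REVOKED = "pending", "granted", "revoked"

@dataclass
class Resource:
    """Toy model of one owner-managed resource (illustrative, not a Keycloak API)."""
    name: str
    owner: str
    # requester -> state of that requester's permission; absent = never asked
    permissions: dict = field(default_factory=dict)

    def _require_owner(self, actor):
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.name}")

    def request_access(self, requester):
        # A request never grants anything; it waits for the owner's decision.
        if self.permissions.get(requester) != GRANTED:
            self.permissions[requester] = PENDING

    def approve(self, actor, requester):
        # Only the owner may approve, and only a request that is pending.
        self._require_owner(actor)
        if self.permissions.get(requester) != PENDING:
            raise ValueError(f"no pending request from {requester}")
        self.permissions[requester] = GRANTED

    def revoke(self, actor, requester):
        # The owner can withdraw a grant at any time.
        self._require_owner(actor)
        if requester in self.permissions:
            self.permissions[requester] = REVOKED

    def can_access(self, user):
        # Deny by default: only the owner or a requester with a live grant.
        return user == self.owner or self.permissions.get(user) == GRANTED


def run_use_case():
    # Constructed sample data: resource and user names mirror the use case.
    pics = Resource(name="alice-pictures", owner="alice")
    trace = [pics.can_access("jdoe")]      # before asking: denied
    pics.request_access("jdoe")
    trace.append(pics.can_access("jdoe"))  # pending: still denied
    pics.approve("alice", "jdoe")
    trace.append(pics.can_access("jdoe"))  # approved: allowed
    pics.revoke("alice", "jdoe")
    trace.append(pics.can_access("jdoe"))  # revoked: denied again
    return trace
```

The two checks worth carrying into any real policy are visible here: a pending request grants nothing, and only the resource owner can move a permission between states.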
