In addition to the KEYCLOAKOAUTH policy, you can use the Authorization policy to add a list of fine-grained authorization rules that let you control precisely who is allowed to access the API.
Make sure that you configure the Authorization policy after the standard authentication.
The configuration of this policy consists of a number of rules that are applied to any inbound request to the API. Each rule consists of a regular expression pattern, an HTTP verb and the role that an authenticated user must possess in order for access to be granted.
It is also possible to apply a rule to all requests by using a wildcard regular expression.
Example:
Additional role authorization with the Authorization policy:
Refer to AUTHORIZATION for a detailed overview on all settings of this policy.
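To make the rule model above concrete (a regular expression pattern, an HTTP verb and a required role per rule, with a wildcard pattern covering every request), here is an added illustration of how such rules are evaluated against an inbound request. It is not the page's example and not the product's own implementation; the rule names, the `*` verb wildcard, the full-match semantics of the pattern and the fail-closed handling of unmatched requests are all assumptions made for this illustration. The sample rules and requests are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Rule:
    """One authorization rule: pattern + verb + role (names are assumptions)."""
    path_pattern: str   # regular expression matched against the request path
    verb: str           # HTTP verb the rule applies to; "*" means any verb (assumption)
    role: str           # role the authenticated user must hold for this rule to pass

    def matches(self, method: str, path: str) -> bool:
        # Assumption: the pattern must match the whole path, so ".*" is the
        # wildcard that applies a rule to every request.
        verb_ok = self.verb == "*" or self.verb.upper() == method.upper()
        return verb_ok and re.fullmatch(self.path_pattern, path) is not None


@dataclass
class AuthorizationPolicy:
    """Evaluates the rule list against a request after authentication has run."""
    rules: List[Rule]
    deny_unmatched: bool = True   # assumption: fail closed when no rule matches

    def authorize(self, method: str, path: str, user_roles: Iterable[str]) -> bool:
        roles = set(user_roles)
        matched = [r for r in self.rules if r.matches(method, path)]
        if not matched:
            # No rule covers this request: deny unless explicitly configured otherwise.
            return not self.deny_unmatched
        # Assumption: every matching rule must be satisfied (most restrictive wins),
        # so a DELETE on /admin/... needs both the catch-all "user" role and "admin".
        return all(r.role in roles for r in matched)


# Constructed sample policy: everyone needs "user"; deletes under /admin need "admin" too.
DEMO_POLICY = AuthorizationPolicy(rules=[
    Rule(path_pattern=".*", verb="*", role="user"),
    Rule(path_pattern="/admin/.*", verb="DELETE", role="admin"),
])


def demo() -> dict:
    """Run a few constructed requests through DEMO_POLICY and return the decisions."""
    return {
        "user GET /items": DEMO_POLICY.authorize("GET", "/items", {"user"}),
        "user DELETE /admin/items": DEMO_POLICY.authorize("DELETE", "/admin/items", {"user"}),
        "admin DELETE /admin/items": DEMO_POLICY.authorize("DELETE", "/admin/items", {"user", "admin"}),
        "no roles GET /items": DEMO_POLICY.authorize("GET", "/items", set()),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request}: {'allow' if allowed else 'deny'}")
```

The fail-closed default matters: with a rule list that only covers `/admin/.*`, a request to any other path matches nothing, and a policy that passes unmatched requests would let it through to the API with no role check at all. Whatever the real policy's setting for that case is called, verify it explicitly rather than relying on the default, and keep a wildcard rule in the list if every request should require at least a baseline role.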