Advanced Keycloak

Note

This section is intended to enable experienced Keycloak admins to add additional features. You do not need to perform any steps below to configure a basic installation.

Once you have configured Keycloak using your preferred service, an advanced admin can use Keycloak to implement data access authorization policies.

Keycloak allows you to create policies and permissions to permit or restrict access by users or groups to data stored in the Obcerv platform and the APIs that can be used to directly or indirectly modify that data.

Keycloak realms are used to provide logical separation of users, groups, roles, and similar concepts between different contexts. A default master realm exists which is used for administrative purposes, such as the bootstrapping and initial configuration of Keycloak itself, including the creation of the obcerv realm.

The configuration of data access authorization described in this section of the documentation is solely for the obcerv realm – this is where users and groups that are used to login to Obcerv exist.