Groups
Purpose
Describes how Keymate models groups through Keycloak's group system — hierarchical, attribute-bearing containers that assign realm roles and client roles to users collectively. This section covers group structure, role inheritance through the group tree, and how group hierarchy supports both platform-wide and team-specific access patterns.
Who This Section Is For
- Architects designing role and group strategies for multi-tenant platforms
- Administrators managing group membership and role assignments
- Developers consuming group-derived role claims in authorization logic
What You Will Find Here
- Keycloak group structure: hierarchy, attributes, and role mappings (realm and client)
- Group organization patterns: platform-wide groups for cross-cutting concerns, team groups for department-specific needs
- How group memberships and roles feed into policy evaluation and token claims
Recommended Starting Points
- Group Model — core group concepts, role inheritance, scoping, and membership resolution
- Tenant Group Inheritance — how group memberships propagate through the organizational hierarchy (planned)