Resources & Scopes
Overview
Resources and Scopes form the foundation of Keymate's authorization model. A Resource represents any protected digital asset — an API endpoint, file, database record, or UI component. A Scope defines actions that can be performed on resources (read, write, delete, admin). Together, they answer the fundamental authorization question: "Can this user perform this action on this resource?"
Keymate extends Keycloak's standard resource model with rich metadata, hierarchical scope types, and organizational classification through domains, modules, types, and categories.
When to Read This Section
Read this section when you need to:
- Design a resource hierarchy for your application
- Define fine-grained scopes for authorization policies
- Understand scope type hierarchy for multi-tenant deployments
- Import resources automatically from OpenAPI specifications
Who Should Start Here
- Architects designing authorization models for new applications
- Developers integrating resources and scopes into policy definitions
- Platform engineers configuring multi-tenant resource isolation
Key Topics
- Resource representation model and metadata
- Scope definitions and permission linking
- Scope Type hierarchy (system → global → tenant → user)
- Resource Types and Categories for classification
- OpenAPI-based automatic resource discovery
Representative Journeys
- I want to understand how resources are modeled → Resource Model
- I want to define actions on resources → Scope Model
- I want to import resources from my API spec → OpenAPI Resource Import
Recommended Reading Order
- Resource Model — Understand resource representation, metadata, and lifecycle
- Scope Model — Learn about scopes, scope types, and organizational hierarchy
- OpenAPI Resource Import — Automate resource discovery from API specifications