Authority Integration & Token Mediation
Access Gateway integrates with Keycloak for token validation and exchange, and with the Keymate Authorization Decision Provider for fine-grained permission evaluation.
gRPC API reference for Keymate's fine-grained authorization service based on the Zanzibar model.
Glossary definition for Authorization Model in the Keymate platform.
How Keymate resolves organizational context and evaluates resource-level permissions across Tenant boundaries.
Glossary definition for Decision Trace — the policy evaluation record, distinct from OpenTelemetry distributed traces.
Glossary definition for Delegation in the Keymate platform.
Glossary definition for DSAC (Data Security Authorization Control) in the Keymate platform.
Understand the Keymate APISIX access plugin architecture, configuration options, and extension points for customization.
Understand the Keymate Istio WASM access plugin architecture, configuration options, deployment model, and extension points.
Glossary definition for FGA Engine (Fine-Grained Authorization Engine) in the Keymate platform.
How Keymate uses Keycloak groups to manage collective permissions through hierarchical, attribute-bearing group structures at realm scope.
Install, configure, and use the Keymate Java SDK to perform permission checks, list permissions, and retrieve organization context from JVM-based applications.
Install, configure, and use the Keymate JavaScript SDK to check permissions, manage tokens, and retrieve organization context from Node.js or browser apps.
Glossary definition for the Keymate Authorization Decision Provider in the Keymate platform.
Access Gateway is the centralized PDP Proxy and Edge Orchestrator that validates tokens, evaluates access rules, and enforces authorization decisions for every permission check request.
The Keymate Authorization Decision Provider is the centralized authorization decision authority that evaluates fine-grained permission checks within Keycloak.
Choose the right Keymate SDK for your platform and understand the common authorization model shared across all client libraries.
Reference for permission evaluation request and response structures used by the Authorization Decision Provider.
Create, browse, edit, and delete permissions in the Admin Console to bind policies to resources and scopes on a resource server.
Create, edit, assign, and delete authorization and Keycloak policies in the Admin Console to govern access across tenants and clients.
Glossary definition for Policy Engine in the Keymate platform.
Central service for managing authorization policies — supports RBAC, ABAC, ReBAC, PBAC, RADAC, and Dynamic policy models.
How Keymate evaluates permission requests against configured policies and produces per-resource, per-scope GRANT or DENY decisions.
Glossary definition for RADAC (Risk-Adaptive Access Control) in the Keymate platform.
Understand how Keymate models protected digital assets with extended metadata, classification, and lifecycle management.
Create, browse, edit, and delete resources, resource types, and resource categories in the Admin Console.
REST API reference for role management and authorization decisions.
Glossary definition for Scope in the Keymate platform.
Define actions on resources and organize authorization boundaries with Keymate's hierarchical scope type system.