Role-Based Access Control with Permissions

Lab Overview

Build on your Keycloak authentication setup to implement authorization. This lab comes with Keycloak fully configured (realm, users, groups, OIDC) so you can focus entirely on the permissions framework.

Pre-configured for you:

Keycloak with backstage realm and OIDC client
Group mapper sending groups to Backstage tokens
Three test users with different group memberships:
alice.admin (platform-admins) - Full access
bob.developer (developers) - Read + limited write
carol.guest (guests) - Read only
Sign-in resolver extracting groups from tokens

You'll learn to:

Enable and configure the Backstage permissions framework
Write permission policies that check Keycloak group membership
Implement different access levels (admin, developer, guest)
Lock down software templates and catalog actions by role
Test that different users have different permissions
Understand policy decisions: ALLOW, DENY, CONDITIONAL

This hands-on lab establishes role-based security boundaries using your existing identity provider groups.

Key Resources:

Everything Included in Your Subscription

Content & Learning

Access to all courses and bootcamps
Video lessons with closed captions
Interactive quizzes and assessments
Course completion certificates

Hands-On Labs

Browser-based cloud labs
Pre-configured VMs ready to use
Playgrounds for experiments
Multi-VM realistic scenarios

AWS Integration

Managed AWS Account included
Pre-configured environments
Real-world cloud scenarios

Support & Community

Priority support
Active community forum

No Setup Required

Everything runs in your browser
No software installation needed
Automatic environment provisioning
Works on any device

Lab Overview

Prerequisites

Technologies Covered

Part of a Course

Choose your plan

Monthly Plan

Quarterly Plan