diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py
index 6fa7f12..3986581 100644
--- a/src/keycloak/keycloak_admin.py
+++ b/src/keycloak/keycloak_admin.py
@@ -1576,6 +1576,85 @@ class KeycloakAdmin:
data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
)
+ def create_client_authz_group_based_policy(self, client_id, payload, skip_exists=False):
+ """Create group-based policy of client.
+
+ Payload example::
+
+ payload={
+ "type": "group",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "name": "Policy-1",
+ "groups": [
+ {
+ "id": id
+ }
+ ]
+ }
+
+ :param client_id: id in ClientRepresentation
+ https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+ :type client_id: str
+ :param payload: No Document
+ :type payload: dict
+ :param skip_exists: Skip creation in case the object exists
+ :type skip_exists: bool
+ :return: Keycloak server response
+ :rtype: bytes
+
+ """
+ params_path = {"realm-name": self.realm_name, "id": client_id}
+
+ data_raw = self.connection.raw_post(
+ urls_patterns.URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY.format(**params_path),
+ data=json.dumps(payload),
+ )
+ return raise_error_from_response(
+ data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
+ )
+
+ def create_client_authz_scope_based_permission(self, client_id, payload, skip_exists=False):
+ """Create scope-based permission of client.
+
+ Payload example::
+
+ payload={
+ "type": "resource",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "name": "Permission-Name",
+ "scopes": [
+ scope_id
+ ],
+ "policies": [
+ policy_id
+ ]
+
+ :param client_id: id in ClientRepresentation
+ https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
+ :type client_id: str
+ :param payload: PolicyRepresentation
+ https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation
+ :type payload: dict
+ :param skip_exists: Skip creation in case the object already exists
+ :type skip_exists: bool
+ :return: Keycloak server response
+ :rtype: bytes
+
+ """
+ params_path = {"realm-name": self.realm_name, "id": client_id}
+
+ data_raw = self.connection.raw_post(
+ urls_patterns.URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION.format(**params_path),
+ data=json.dumps(payload),
+ )
+ return raise_error_from_response(
+ data_raw, KeycloakPostError, expected_codes=[201], skip_exists=skip_exists
+ )
+
+
+
def create_client_authz_resource_based_permission(self, client_id, payload, skip_exists=False):
"""Create resource-based permission of client.
diff --git a/src/keycloak/urls_patterns.py b/src/keycloak/urls_patterns.py
index e5c54ab..1a3ad44 100644
--- a/src/keycloak/urls_patterns.py
+++ b/src/keycloak/urls_patterns.py
@@ -117,6 +117,8 @@ URL_ADMIN_CLIENT_AUTHZ_SCOPES = URL_ADMIN_CLIENT_AUTHZ + "/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_PERMISSIONS = URL_ADMIN_CLIENT_AUTHZ + "/permission?max=-1"
URL_ADMIN_CLIENT_AUTHZ_POLICIES = URL_ADMIN_CLIENT_AUTHZ + "/policy?max=-1&permission=false"
URL_ADMIN_CLIENT_AUTHZ_ROLE_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/role?max=-1"
+URL_ADMIN_CLIENT_AUTHZ_GROUP_BASED_POLICY = URL_ADMIN_CLIENT_AUTHZ + "/policy/group?max=-1"
+URL_ADMIN_CLIENT_AUTHZ_SCOPE_BASED_PERMISSION = URL_ADMIN_CLIENT_AUTHZ + "/permission/scope?max=-1"
URL_ADMIN_CLIENT_AUTHZ_RESOURCE_BASED_PERMISSION = (
URL_ADMIN_CLIENT_AUTHZ + "/permission/resource?max=-1"
)