Created question in FIWARE Q/A platform on 26-05-2020 at 08:05
Please, ANSWER this question AT https://ask.fiware.org/question/1157/access-control-orion-context-broker/

Question:
Access control & Orion context broker

Description:
I deployed a platform with the following modules:

Context Broker (Orion)
Fiware IDM (Keyrock)
PEP Proxy (Wilma)
...

So any authenticated user can access the context broker, it's level 1.

image:

Now I need that a user (or user group) must be authorized to access some entities.

Considering this example entity:
Service: Test
Service-Path: /Test/Demo
Entity-Id: test-entity
Type: Device

This entity should be accessible only by users Bob and Alice (belonging to the testers group).
If I understood correctly, this is level 2.

image:

The problem is that I have been browsing the web for many hours without finding anything about it (I may not have used the right keywords).
The module to use for this is probably AuthZForce, but that I don't understand how to use it with the context broker, I can't find any concrete example.

Could you confirm for me whether I should use AuthZForce to accomplish this, and give me some examples on how to configure these rules for accessing the context broker?

Thank you