We have a complicated data model of objects within IDM, which contains many relationships among different managed objects. We have configured AM, which is integrated with IDM, and would like to use AM to invoke authorization policies.
I have 2 questions:
1. How can we use IDM's data in an authorization policy? The complication is that we need to orchestrate different IDM API calls and would like to avoid going back and forth from AM to IDM. Is there a way we can combine the results of different API queries in one call?
2. What are the recommendations for fine-grained authorization vs coarse-grained authorization in terms of who should do it? Should AM do both, or should we split the responsibilities between the application and AM? There is an API gateway between the application and the ForgeRock components.