Default Configuration

When you create a resource server, Keycloak creates a default configuration for it.

The default configuration consists of:

  • A default protected resource representing all resources in your application.

  • A policy that always grants access to the resources protected by this policy.

  • A permission that governs access to all resources based on the default policy.

The default protected resource is referred to as the default resource and you can view it if you navigate to the Resources tab.

Default Resource

This resource defines a Type, namely urn:my-resource-server:resources:default, and a URI /*. Here, the URI field defines a wildcard pattern that indicates to Keycloak that this resource represents all the paths in your application. In other words, when you enable policy enforcement for your application, all the permissions associated with this resource are examined before access is granted.

The Type mentioned previously defines a value that can be used to create typed resource permissions that must be applied to the default resource or any other resource you create using the same type.

The default policy is referred to as the only from realm policy and you can view it if you navigate to the Policies tab.

Default Policy

This policy is a JavaScript-based policy defining a condition that always grants access to the resources protected by this policy. If you click this policy, you can see that it defines the following rule:

// by default, grants any permission associated with this policy
$evaluation.grant();

Lastly, the default permission is referred to as the default permission and you can view it if you navigate to the Permissions tab.

Default Permission

This permission is a resource-based permission, defining a set of one or more policies that are applied to all resources with a given type.

Changing the Default Configuration

You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own.

Note
The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions for your own resources, be sure to remove the Default Resource or change its URI field to a more specific path in your application. Otherwise, the policy associated with the default resource (which by default always grants access) will allow Keycloak to grant access to any protected resource.
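
The check below is an added example, not part of Keycloak or its documentation. It audits an authorization settings file for the condition the note describes: a permission that applies an always-grant policy to a resource whose URI is still /*. The JSON field names and the sample data are assumptions modeled on an exported configuration, and always_grants and catch_all_grants are hypothetical helper names; the always-grant test is a plain text match on the default rule shown earlier.

```python
import json

# Constructed sample. The field names are assumptions modeled on an exported
# authorization settings file; adjust them to match your own export.
SAMPLE = json.loads(r'''{
  "resources": [
    {"name": "Default Resource", "uris": ["/*"],
     "type": "urn:my-resource-server:resources:default"},
    {"name": "Admin Resource", "uris": ["/admin/*"],
     "type": "urn:my-resource-server:resources:admin"}],
  "policies": [
    {"name": "Default Policy", "type": "js", "config": {"code":
      "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"}},
    {"name": "Default Permission", "type": "resource", "config": {
      "defaultResourceType": "urn:my-resource-server:resources:default",
      "applyPolicies": "[\"Default Policy\"]"}}]
}''')

def always_grants(policy):
    """True if a JS policy's only statement is an unconditional grant."""
    if policy.get("type") != "js":
        return False
    code = policy.get("config", {}).get("code", "")
    stmts = [s.strip() for s in code.splitlines()]
    stmts = [s for s in stmts if s and not s.startswith("//")]
    return stmts == ["$evaluation.grant();"]

def catch_all_grants(settings):
    """List (permission, resource, policy) triples in which an always-grant
    policy is applied to a resource whose URI is the /* wildcard."""
    policies = {p["name"]: p for p in settings.get("policies", [])}
    findings = []
    for perm in policies.values():
        if perm.get("type") != "resource":
            continue
        cfg = perm.get("config", {})
        applied = json.loads(cfg.get("applyPolicies", "[]"))
        named = json.loads(cfg.get("resources", "[]"))
        rtype = cfg.get("defaultResourceType")
        for res in settings.get("resources", []):
            uris = res.get("uris") or [res.get("uri")]
            covered = res.get("name") in named or (rtype and res.get("type") == rtype)
            if covered and "/*" in uris:
                findings += [(perm["name"], res["name"], n) for n in applied
                             if always_grants(policies.get(n, {}))]
    return findings

if __name__ == "__main__":
    for finding in catch_all_grants(SAMPLE):
        print("catch-all grant:", *finding)
```

An empty result means no permission in the file pairs the /* resource with an unconditional grant, which is the state the note asks for before you rely on your own permissions.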