diff --git a/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml b/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml
new file mode 100644
index 0000000000..2fa50a47ee
--- /dev/null
+++ b/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_authz_permission - resource payload variable for scope-based permission was constructed as a string, when it needs to be a list, even for a single item (https://github.com/ansible-collections/community.general/issues/7151).
diff --git a/plugins/modules/keycloak_authz_permission.py b/plugins/modules/keycloak_authz_permission.py
index 3ea61c6c93..ef81fb8c31 100644
--- a/plugins/modules/keycloak_authz_permission.py
+++ b/plugins/modules/keycloak_authz_permission.py
@@ -330,7 +330,7 @@ def main():
             if not r:
                 module.fail_json(msg='Unable to find authorization resource with name %s for client %s in realm %s' % (resources[0], cid, realm))
             else:
-                payload['resources'] = r['_id']
+                payload['resources'].append(r['_id'])
 
             for rs in r['scopes']:
                 resource_scopes.append(rs['id'])