[keycloak-dev] more things we need

[Stian Thorgersen]

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 17 January, 2014 2:30:12 PM
> Subject: Re: [keycloak-dev] more things we need
> 
> 
> 
> On 1/17/2014 4:06 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Friday, 17 January, 2014 1:18:52 AM
> >> Subject: [keycloak-dev] more things we need
> >>
> >> One thing I notice from doing the tutorial:
> >>
> >> * User account management should be turned on by default
> >
> > Agreed - working on this now (also removing the option to disable it, if
> > someone really wants that we can add it back later)
> >
> 
> Do you add a default role for the Acct Service?

Yes

> 
> >> * Default roles should be visible even without registration and
> >> privileges should be automatic for the Account Server for all users.
> >
> > In the future this should use a default composite role, which would make
> > the updating of users automatically. Updating users now would be very
> > problematic for several reason, for example:
> >
> 
> Yeah, thought we planned that already...

Yes, KEYCLOAK-120 for composite roles and I just added KEYCLOAK-267 to replace default roles with a single composite default role

> 
> > * Would need to update all users when a default role is added/removed
> > * If an admin explicitly removes some default roles for a set of users, we
> > could end up adding it back if the default roles are changed
> >
> > How about for the alpha we rename it from "Registration" to "Default
> > Roles". Then we add those roles to users created through the admin console
> > as well as self-registered users.
> >
> 
> +1
> 
> Yes, that too.--
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>