[keycloak-dev] Hide internal clients and roles

Marek Posolda mposolda at redhat.com
Wed Jun 10 09:56:36 EDT 2015


On 10.6.2015 15:48, Stian Thorgersen wrote:
> Maybe by default we hide them, but have an option to view?
Yeah. Or display them in the list, but with some different color/flag 
and when someone clicks on it, it will display some confirmation dialog 
with "You are trying to access an internal client. Are you sure you know 
what you are doing?" or something like that. But I am not sure about the 
usability of this though...

Marek
>
> Disabling account client is probably better done with a realm option than removing the client though.
>
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Wednesday, 10 June, 2015 3:46:23 PM
>> Subject: Re: [keycloak-dev] Hide internal clients and roles
>>
>> I am like 50/50. I can imagine this has some advantages as people won't
>> be easily able to delete system clients/roles and break their Keycloak
>> server.
>>
>> On the other hand, when I am admin, I might be confused why some roles
>> are not in the roles list, but are in default roles list etc? Also if
>> someone really knows what he is doing, this might be an unwanted
>> restriction - for example people may want to add more composite roles
>> into "admin" role or they want to disable account client as Vlasta
>> pointed out etc.
>>
>> Marek
>>
>> On 10.6.2015 09:19, Stian Thorgersen wrote:
>>> I propose we add an attribute 'kc_internal' to internal clients
>>> (security-admin-console, master-realm, account, broker) and hide these
>>> from the clients table.
>>>
>>> We should also do this to internal roles 'admin' and 'create-realm' so
>>> these roles are not displayed in realm roles list. They would only be
>>> hidden from this page, but still be visible in user role mapping, scope
>>> mappings and default roles.


