[keycloak-dev] Editable effective Roles

Marek Posolda mposolda at redhat.com
Mon Jul 11 09:06:51 EDT 2016


Nope, that's not possible by design.

You can think about composite role as group of other roles. For example 
if you have composite role "admin" , which consists of 3 child roles 
"administer-finance" , "administer-sales" , "administer-stuff" , then it 
means that if you assign the role "admin" to some user, he really has 
permissions to administer everything (so 3 other roles).

If you need something more fine-grained, then you need something like 
separate composite roles for every group of roles (so in your case, one 
composite role for your 10 roles to be assigned to PersonA and second 
composite role for your 9 roles to be assigned to personB). Or if it 
should be even more fine-grained, then maybe composite roles is not a 
way to go for you.

Marek

On 11/07/16 13:36, Yunus ÖNCEL wrote:
> I have a simple and short Question
>
> is it  possible?  I want editable assigned roles (effective roles). 
> Example A Person have a composite Role(10 Role ) and B Person have too 
> a same composite role (9 roles) . I don't want create new composite 
> role to a role.
>
> Thank you
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160711/0ebe360e/attachment.html 


More information about the keycloak-dev mailing list