[keycloak-dev] fine grain permissions merged

Bill Burke bburke at redhat.com
Mon Jun 26 22:43:01 EDT 2017

Oh yeah, I forgot one thing.  Tokens generated for admin_cli and 
security-admin-console no longer have any roles within them. Admin REST 
API now checks the "aud" claim and doesn't look in token for roles 
anymore if the "aud" is admin_cli or admin-console.  Don't know if 
that's what you mean.

On 6/26/17 8:50 PM, John D. Ament wrote:
> Bill,
> Just wondering, does this mean the performance issues previously 
> identified aren't included?
> John
> On Mon, Jun 26, 2017 at 8:18 PM Bill Burke <bburke at redhat.com 
> <mailto:bburke at redhat.com>> wrote:
>     See
>     https://issues.jboss.org/browse/KEYCLOAK-3444
>     It its currently limited to single realm administration. Can't define
>     master realm fine grain permissions.  It was too much of a pain.  Also
>     fixed the long standing issue of when admin with manage-users role
>     could
>     upgrade their management permissions. I'll be working on documentation
>     in the next week or so and will get something in by 3.2 Final.
>     Regards,
>     Bill
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list