[keycloak-user] Realm Level Admin
Travis De Silva
traviskds at gmail.com
Thu Feb 13 05:37:37 EST 2014
Wow. didn't think of the other use cases that you listed. Yes it's
definitely something that happens in the real world and would be great if
KeyCloak has these features. No complains from me if we can do what I
suggested as a starting point for obvious selfish reasons :)
I have raised a Jira case for this.
https://issues.jboss.org/browse/KEYCLOAK-292
Keycloak early champion community members, please vote for this feature.
BTW, thanks Stian, Bill and the Keycloak team for your fantastic work.
Keycloak is so simple to use and implement and that is amazing when you
think the complex problems it is solving. Wishing keycloak all the best.
On Wed, Feb 12, 2014 at 9:11 PM, Stian Thorgersen <stian at redhat.com> wrote:
> This is not possible at the moment. It's something that I'd imagine would
> be needed, and at a more fine-grained control. I can imagine scenarios such
> as:
>
> * Devs that are allowed to create/edit apps, but not manage users
> * Devs that can create clients, but not applications
> * Managers that are allowed to view user details, but not reset passwords,
> etc.
> * Admins that can do everything for a single realm, or for all realms
>
> We don't have anything planned at the moment though, and what you're
> proposing could be a sensible starting point. Please create a JIRA ;)
>
> ----- Original Message -----
> > From: "Travis De Silva" <traviskds at gmail.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 12 February, 2014 6:48:09 AM
> > Subject: [keycloak-user] Realm Level Admin
> >
> > I have not been able to figure out if we can have Realm level admins. My
> use
> > case is:
> >
> > We have keycloak application wide super admins. They can create new
> realms,
> > go into any realm and create users, applications etc. Just how the
> default
> > admin user operates now.
> >
> > Then within a Realm, for example lets say Demo realm, can we have a
> different
> > admin user (e.g demo realm admin) who can perform all the tasks but only
> > within that Realm. That user will not be able to view the other realms
> (i.e
> > it should not display the realm selection drop down and also should not
> be
> > able to create new realms.
> >
> > Thoughts? I am happy to raise a feature request in Jira if this is
> currently
> > not possible and doable in a future release as I believe this feature
> will
> > increase user adoption, especially for applications that are built with
> > multi-tenancy functionality.
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140213/f7bf4011/attachment.html
More information about the keycloak-user
mailing list