[keycloak-user] Roles for User Management

Vito Vessia vvessia at katamail.com
Tue Aug 4 12:00:18 EDT 2015


Hi all,
I'm trying to use KC for a suite of multitenant webapps. Each
tenant/customer has a separate realm and I use a custom Federation
Provider to map users and roles to my company's legacy custom ACL database.
Customers also want to manage/create users on their own, but I don't want
them to manage other realm stuff like Federation Provider parameters, client
apps, etc., so I have to give some users of each realm only the roles
"manage-user"/"view-users" from the app realm-management, so they can
only view the Manage User option in the realm Console.
The problem is that through the console they may promote themselves by
assigning the role "manage-realm" to existing users or to new users, and
after a simple refresh they can manage the entire realm.
Is there a way to avoid this or am I wrong to do this?
One more question connected to this one: is there a way to also localize
the realm console? If my customers have to manage their own users, they
would read labels and messages in their own languages.
Thank you very much for your time and for your great and versatile product.

Best regards
--Vito
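
An audit check for the situation described in the message above, added here as an example (it is not part of the original post and is not Keycloak project code): it flags any user whose realm-management client roles go beyond the delegated set. The allow-list, the function names and the sample users are assumptions; the sample data is constructed in the shape returned by the admin REST endpoint `GET /admin/realms/{realm}/users/{id}/role-mappings`, and the allow-list uses Keycloak's role name `manage-users`.

```python
import json

# Assumption: roles of the realm-management client that a delegated
# user administrator is allowed to hold, as described in the post.
ALLOWED = {"manage-users", "view-users"}
CLIENT = "realm-management"

# Constructed sample: username -> role-mappings document for that user.
SAMPLE = json.loads("""
{
  "alice": {"clientMappings": {"realm-management": {
      "client": "realm-management",
      "mappings": [{"name": "manage-users"}, {"name": "view-users"}]}}},
  "bob": {"clientMappings": {"realm-management": {
      "client": "realm-management",
      "mappings": [{"name": "manage-users"}, {"name": "manage-realm"}]}}},
  "carol": {"realmMappings": [{"name": "user"}]}
}
""")


def excess_roles(mappings, allowed=ALLOWED, client=CLIENT):
    """Return the client roles in one user's mappings that are not allowed."""
    entry = mappings.get("clientMappings", {}).get(client, {})
    held = {role["name"] for role in entry.get("mappings", [])}
    return sorted(held - allowed)


def audit(users, allowed=ALLOWED):
    """Map each offending username to its unexpected realm-management roles."""
    findings = {}
    for username, mappings in users.items():
        extra = excess_roles(mappings, allowed)
        if extra:
            findings[username] = extra
    return findings


if __name__ == "__main__":
    for user, roles in audit(SAMPLE).items():
        print(f"{user}: unexpected {CLIENT} roles: {', '.join(roles)}")
```

The check looks only at directly assigned roles in the supplied documents; roles a user gains through composite roles would have to be fetched and fed in separately.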