[keycloak-user] Roles for User Management
Vito Vessia
vvessia at katamail.com
Wed Aug 5 10:35:37 EDT 2015
Hi Marek,
thank you very much for the answer. I have been created the issue
KEYCLOAK-1735.
Best regards
--Vito
2015-08-05 10:59 GMT+02:00 Marek Posolda <mposolda at redhat.com>:
> On 4.8.2015 18:00, Vito Vessia wrote:
>
> Hi all,
> I'm trying to use KC for a suite of multitenant webapps. Each
> tenant/customer has a separated realm and I use a custom Federation
> Provider to map users and roles to my company's legacy custom ACL database.
> Customers also want to manage/create users by their own, but I don't want
> they manage other realm stuff like Federation Provider parameters, client
> apps, etc, so I have to provide to some users of each realm the only roles
> of "manage-user"/"view-users" from the app realm-management, so they can
> only view the Manage User option in the realm Console.
> The problem is that through the console they may promote themselves
> assigning to existing users or to new users the role of "manage-realm" and
> after a simple refresh they can manage the entire realm.
> Is there a way to avoid this or am I wrong to do this?
>
> Looks like not. Feel free to create JIRA for this.
>
> One more question connected to this one: is there a way to localize also
> the realm console? If my customers have to manage their own users, they
> would read labels and messages in their own languages.
> Thank you very much for your time and for your great and versatile product.
>
> AFAIK Stan is looking at admin console localization. Maybe it will be in
> 1.5 release.
>
> Marek
>
>
> Best regards
> --Vito
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150805/04b768aa/attachment.html
More information about the keycloak-user
mailing list