[keycloak-user] How to configure keycloak management client to allow users manage a subset of other users?

Celso Agra celso.agra at gmail.com
Thu Mar 23 10:40:35 EDT 2017


Hi all,

My question is more about how to configure and create a structure to manage
Keycloak without exposing my API to any security problems...
So, I belong to a governmental organization, and we chose Keycloak to
manage our applications.

So, my application would have three kinds of users: administrator, superuser
and common user, and all of these users have a special attribute named
"organizational unit". So they belong to different governmental
organizations (each "organizational unit" is a governmental entity or
organization).

So, I'd like my administrator to have permissions to manage all users in
Keycloak, and my superuser to have permissions to manage only the common users
that belong to the same "organizational unit" as him. So, how can I
configure this with Keycloak?

I believe I have to configure the client "Realm-Management" to do that, but
how could I allow superusers to manage the common users in the same
"organizational unit"? I can't use different realms because I have only one
application for that!

Best regards,


-- 
---
*Celso Agra*

