[keycloak-user] View-users permissions only view some users

Dmitry Telegin dt at acutus.pro
Tue Jul 10 06:41:31 EDT 2018


Hi Nicolas,

You could try the following:
- put your users into a group;
- create another user;
- grant this user "query-groups" and "impersonation" roles (from the
"realm-management" or "master-realm" client, depending on the realm);
- go to your group, enable permissions, open the "view" permission, add a
user policy to allow the user to view the group, then repeat for the
"view-members" permission.

Now your newly added admin user will be restricted to the contents of
the group. He won't be able to view/impersonate other users, even if he
knows the user's internal ID.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Fri, 2018-07-06 at 09:10 +0000, Nicolas Gillet wrote:
> Hello,
> 
> Is it possible to grant a user the permission to view only some (not
> all) users of the realm?
> Same question about being allowed to impersonate only the user he is
> allowed to see?
> 
> Thanks for any help :-)
> 
> Nicolas GILLET
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
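
Added example, not part of the original thread: a check that the restricted admin set up by the steps above is confined to the group, using the Admin REST API's user listing and lookup-by-ID endpoints. `http_get`, `audit_scope` and `fake_get` are hypothetical helper names, the IDs are constructed, and `base_url` and a token for the restricted admin are assumed to be supplied by you.

```python
import json
import urllib.error
import urllib.request


def http_get(base_url, token):
    """Return a get(path) callable that queries the server as the restricted admin."""
    def get(path):
        req = urllib.request.Request(
            base_url + path, headers={"Authorization": "Bearer " + token})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, None
    return get


def audit_scope(get, realm, expected_ids, outside_ids):
    """Return findings; an empty list means the admin sees only the group."""
    findings = []
    status, users = get(f"/admin/realms/{realm}/users?max=1000")
    if status != 200:
        findings.append(f"user listing returned HTTP {status}")
        users = []
    listed = {u["id"] for u in users}
    for uid in sorted(listed - set(expected_ids)):
        findings.append(f"listing exposes user outside the group: {uid}")
    for uid in sorted(set(expected_ids) - listed):
        findings.append(f"group member missing from listing: {uid}")
    # Knowing an internal ID must not be enough to read a user outside the group.
    for uid in outside_ids:
        status, _ = get(f"/admin/realms/{realm}/users/{uid}")
        if status == 200:
            findings.append(f"direct lookup by ID allowed for outside user: {uid}")
    return findings


def fake_get(visible):
    """Constructed stand-in for a server: serves `visible` IDs, refuses the rest."""
    def get(path):
        if "/users?" in path:
            return 200, [{"id": u} for u in visible]
        uid = path.rsplit("/", 1)[1]
        return (200, {"id": uid}) if uid in visible else (403, None)
    return get
```

Against a real server, pass `http_get(base_url, token)` instead of `fake_get(...)`, with `expected_ids` taken from the group's member list and `outside_ids` from users you know are not in it.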

