[keycloak-user] Manage-user permission is always overridden in fine-grain permission

Ansari, Hasebullah hasebullah.ansari at syntlogo.de
Fri Jun 8 03:10:00 EDT 2018


Hello,

I have a use case where I want to create a dedicated realm for one organization with an admin user. But when I give the role ‘realm-admin’ to this user, he can do literally anything in this realm: managing clients, managing users, etc. And if the user is not very familiar with Keycloak, then he can also disturb the settings or configuration of the realm itself, like deleting roles from the ‘realm-management’ client, for example, and managing users with the ‘manage-user’ stuff. I have now managed to restrict this admin from doing such things, but now, with the fine-grain permission and without the ‘manage-clients’ and ‘manage-users’ roles, I cannot see the ‘create client’ and ‘create user’ buttons in the dedicated realm admin console. In my use case I want the admin user to create clients and users by himself but not manage everything as stated above.

Cheers,

Hasebullah A Ansari
Master of Engineering in IT, Heidelberg

IT Specialist / Java Developer
Syntlogo GmbH


