[keycloak-user] Manage-user permission is always overridden in fine-grain permission

Pedro Igor Silva psilva at redhat.com
Fri Jun 8 08:31:36 EDT 2018


That is a known limitation. Would you mind creating an RFE for this? There
are also other parts where you must have the "manage-*" roles to perform
actions, like those you mentioned.

Regards.
Pedro Igor

On Fri, Jun 8, 2018 at 4:10 AM, Ansari, Hasebullah <
hasebullah.ansari at syntlogo.de> wrote:

> Hello,
>
> I have a use case where I want to create a dedicated realm
> for one organization with an admin user. But when I give the role
> ‘realm-admin’ to this user, he could literally do anything in this realm:
> managing clients, managing users, etc. And if the user is not very
> familiar with Keycloak, then he can also disturb the settings or configuration
> of the realm itself. Like deleting roles from ‘realm-management’ and with
> managing user with ‘manage-user’ stuff client for example. Now I have
> managed to restrict this admin from doing such things, but now with the fine
> grain permission and without ‘manage-clients’ and ‘manage-users’ roles, I
> cannot see the ‘create client’ and ‘create user’ buttons in the dedicated
> realm admin console. In my use case I want the admin user to create clients
> and users by himself but not manage everything as stated above.
>
> Cheers,
>
> Hasebullah A Ansari
> Master of Engineering in IT, Heidelberg
>
> IT Specialist / Java Entwickler
> Syntlogo GmbH
>