[keycloak-user] Add custom roles in realm-management client

Waldemar Schmalz waldemar.schmalz at codecentric.de
Tue Jun 19 12:56:20 EDT 2018


Hello,

I have created a new client-role in client "realm-management". It's called
"manage-roles" and its purpose is (or should be) to grant users access to
create, edit and delete roles in their realms. In the base theme this is
only possible when users have access to the role "manage-realm" in client
"realm-management". But with this client-role the user is able to manage
the whole realm, not only the roles. My user is only allowed to manage
roles, users and groups in this case.

I changed the HTML files so that the Keycloak sidebar menu is working: Menu
item "Roles" is visible for users with my custom client-role "manage-role".
I also extended the getAccessObject() method in my theme's
controller/realm.js with the needed new role "manageRoles".

Accessing the roles-list page is working, but accessing the role-details
page (when clicking on a specific role) fails. I get a 403 Forbidden. My
question is: Is there something I forgot? Where is the check for returning
a 200 OK or a Forbidden for this case? It seems it is not in the template
files, like for the side-menu?

If I forgot any information or something, please contact me.

Thank you, your help is much appreciated!

Best regards
Waldemar

