[keycloak-user] Add custom roles in realm-management client

Dmitry Telegin dt at acutus.pro
Thu Jun 21 20:38:30 EDT 2018


Hi Waldemar,
What version of Keycloak are you on? Things are different for pre-3.2.0 
and post-3.2.0.
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+ 42 (022) 888-30-71
E-mail: info at acutus.pro
> Hello,
>
> I have created a new client-role in client "realm-management". It's called
> "manage-roles" and its purpose is (or should be) to grant users access to
> create, edit and delete roles in their realms. In the base theme this is
> only possible when users have access to the role "manage-realm" in client
> "realm-management". But with this client-role the user is able to manage
> the whole realm, not only the roles. My user is only allowed to manage
> roles, users and groups in this case.
>
> I changed the html-files so that the keycloak sidebar menu is working: Menu
> item "Roles" is visible for user with my custom client-role "manage-role".
> I also extended the getAccessObject() method in my theme's
> controller/realm.js with the needed new role "manageRoles".
>
> Accessing the roles-list page is working, but accessing the role-details
> page (when clicking on a specific role) fails. I get a 403 Forbidden. My
> question is: Is there something I forgot? Where is the check for returning
> a 200 OK or a Forbidden for this case? It seems it is not in the templates
> files, like for the side-menu?
>
> If I forgot any information or something, please contact me.
>
> Thank you, your help is much appreciated!
>
> Best regards
> Waldemar
