[keycloak-user] Authorization Services - Admin Console

[Pedro Igor Silva]

You are not the first one to indicate this limitation. We need to plan a
review fine-grained admin permissions and discuss what we want or not to
support.

There are some known limitations and I think the idea behind the
implementation would be to check how people would use this functionality.
Based on all feedback we are receiving from community, I think we can start
looking at improving this functionality.

There is https://issues.jboss.org/browse/KEYCLOAK-6127, which I think is
related wth your problem. If so, feel free to push more details.

Regards.
Pedro Igor

On Thu, Jun 28, 2018 at 7:25 AM, gambol <gambol99 at gmail.com> wrote:

> Hiya
>
> I'm guessing this isn't possible yet but just in case, is it possible to
> provide fine-grain controls over the creation of local accounts. At the
> moment we have a project whom we to gave the ability to control membership
> of one or more groups via "User Policy" in authorization services. We would
> like them to be able to "create" a user as well, but retain the above
> limitation. At the moment this doesn't look like its possible as the only
> way to get the "Add User" button is to add the "manage-users" role from
> "realm-management" .. This unfortunately gives the access to do anything
> they want with the users .. adding a group, delete etc etc
>
> Are there any plan's to extend the scopes available under the Users
> resource type? ..
>
> Rohith
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>