[keycloak-user] group management

Pedro Igor Silva psilva at redhat.com
Wed May 23 10:44:58 EDT 2018


On Wed, May 23, 2018 at 10:18 AM, Pierre Nowak <pnowak.pierre at gmail.com>
wrote:

> Hello,
>
> I am struggling with setting up fine grained group management.
>
> I would like to give a specific user access to the following actions on a
> specific group:
>
> - view only users in a specific group (don't see the whole list of users)


If you set up the permission "view-members
<http://localhost:8180/auth/admin/master/console/#/realms/fine-grained-admin/clients/ff57b14d-a4b8-4fa6-9eac-d810eee910db/authz/resource-server/permission/scope/9ea51106-a970-44f0-80c2-4df8416422df>"
for a Group, you should be able to restrict which users are shown
according to a policy. You should also make sure your user (accessing
the admin console) is assigned "query-users". Make sure "view-users"
and "manage-users" are not assigned to the user; otherwise you will see
all users.


> - manage subgroups of a specific group (can add and delete subgroups). Do
> not see all the group list !
>

I think this is not supported at the moment. I would need to take a look.
We have other RFEs and issues around this; maybe you can file a JIRA for
this particular one.


> - add users to my subgroups
>

If you set up the permission "manage-membership
<http://localhost:8180/auth/admin/master/console/#/realms/fine-grained-admin/clients/ff57b14d-a4b8-4fa6-9eac-d810eee910db/authz/resource-server/permission/scope/b312385b-6516-4755-88de-aa922f525343>"
for a Group, you should be able to restrict who can add/remove users from a
group.


>
> When I try to set this up this gives me the view of all the groups.
>
> Pierre
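An added example, not part of the original message and not Keycloak's own code: a small audit of the role advice in the reply above ("query-users" assigned, "view-users" and "manage-users" not assigned), extended to roles that arrive indirectly through a composite role or a group. The function names `effective_roles` and `audit` are hypothetical, and the composite map is constructed sample data standing in for what you would read from your own realm.

```python
# Constructed sample data (assumption): which roles each composite role pulls in.
# Replace with the composites actually defined in your realm.
COMPOSITES = {
    "realm-admin": {"view-users", "manage-users", "query-users", "query-groups"},
    "view-users": {"query-users", "query-groups"},
}
REQUIRED = {"query-users"}                  # needed to search users in the console
FORBIDDEN = {"view-users", "manage-users"}  # either one exposes every user


def effective_roles(direct, group_roles=(), composites=COMPOSITES):
    """Expand direct and group-inherited roles through composite roles."""
    seen, stack = set(), list(direct) + list(group_roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(composites.get(role, ()))
    return seen


def audit(direct, group_roles=()):
    """Return findings for a restricted group administrator; empty list means OK."""
    eff = effective_roles(direct, group_roles)
    findings = [f"missing required role: {r}" for r in sorted(REQUIRED - eff)]
    for role in sorted(FORBIDDEN & eff):
        src = "direct" if role in direct else "inherited (composite or group)"
        findings.append(f"forbidden role present: {role} [{src}]")
    return findings


if __name__ == "__main__":
    # Constructed cases: a correct setup, and one broken by a group's role mapping.
    print(audit({"query-users"}))
    print(audit({"query-users"}, group_roles={"realm-admin"}))
```
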