[keycloak-user] Fine grained Permission

Pedro Igor Silva psilva at redhat.com
Fri Oct 26 09:10:20 EDT 2018


I agree, we have been discussing improvements on how we manage admin
permissions. One of the problems is that even when using permissions,
access still relies on roles such as manage-*, view-*, query-*.

This should be possible for users. I think for groups, you would need to
grant the "manage-users" role, which does not make sense for your case. But
for users, if you grant only "query-users" to some user and then configure
the "map-role" to a specific role, if the user does not have access to the
role it will not show up in the list of available roles.

Regards.
Pedro Igor

On Fri, Oct 26, 2018 at 9:56 AM abhishek raghav <abhi.raghav007 at gmail.com>
wrote:

> Hi
>
> Is it possible to implement fine grained permissions - which can restrict
> an Admin user to assign a specific Realm Role to any group in that realm.
>
> The way fine grained permissions work is a little complex to understand as
> there are so many moving parts. Any clues are highly appreciated.
>
> Thanks.
>
> *- Best*
>    Abhishek