[keycloak-user] User cannot assign client Role to user with just
Schuster Sebastian (INST-CSS/BSV-OS2)
Sebastian.Schuster at bosch-si.com
Wed Sep 11 09:52:03 EDT 2019
Hi Robrecht,
That’s exactly how we do it, give the user query-clients and fine-grained permissions on every client he is allowed to see.
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Open Source Services (INST-CSS/BSV-OS2)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic
-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> Im Auftrag von robrecht anrijs
Gesendet: Mittwoch, 11. September 2019 13:43
An: keycloak-user at lists.jboss.org
Betreff: [keycloak-user] User cannot assign client Role to user with just
Hi keycloak users,
We recently upgraded from keycloak 3.4.3 to 6.0.1, and noticed that a user with the roles 'manage-users' and 'view-users' on the client 'realm-management' cannot see the list of client roles any more. Because of that, the user cannot assing a specific client role to a group or a user.
Screenshot:
I[image: image.png]
Is this a bug? Or is expected behaviour?
As a workaround I added the role 'view-clients' to that user, but now the users sees to much. I only want to configure that user, so he can manage the roles for users & groups. Do I need to enahble the fine-grained permissions for that (
https://www.keycloak.org/docs/6.0/server_admin/#_fine_grain_permissions)
Thx for the answers,
Kind regards,
Robrecht
More information about the keycloak-user
mailing list