[keycloak-user] User cannot assign client Role to user with just
robrecht anrijs
robrecht.anrijs at gmail.com
Wed Sep 11 15:37:33 EDT 2019
Sebastian,
Thx for the quick response, I've tried it, indeed, it's better. Only that
client is visible now.
But I would expect, that I don't have to give access to the whole client.
When using fine-grained permissions I have to add my user-policy to the
view-scope permission of the specific client. Only then the user can add a
client-role to a user or group.
I would expect that the map-roles scope would be sufficient?
Regards,
Robrecht
Op wo 11 sep. 2019 om 15:52 schreef Schuster Sebastian (INST-CSS/BSV-OS2) <
Sebastian.Schuster at bosch-si.com>:
> Hi Robrecht,
>
> That’s exactly how we do it, give the user query-clients and fine-grained
> permissions on every client he is allowed to see.
>
> Best regards,
> Sebastian
>
> Mit freundlichen Grüßen / Best regards
>
> Dr.-Ing. Sebastian Schuster
>
> Open Source Services (INST-CSS/BSV-OS2)
> Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
> GERMANY | www.bosch-si.com
> Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 |
> Sebastian.Schuster at bosch-si.com
>
> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
> Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: keycloak-user-bounces at lists.jboss.org <
> keycloak-user-bounces at lists.jboss.org> Im Auftrag von robrecht anrijs
> Gesendet: Mittwoch, 11. September 2019 13:43
> An: keycloak-user at lists.jboss.org
> Betreff: [keycloak-user] User cannot assign client Role to user with just
>
> Hi keycloak users,
>
> We recently upgraded from keycloak 3.4.3 to 6.0.1, and noticed that a user
> with the roles 'manage-users' and 'view-users' on the client
> 'realm-management' cannot see the list of client roles any more. Because of
> that, the user cannot assing a specific client role to a group or a user.
>
> Screenshot:
> I[image: image.png]
> Is this a bug? Or is expected behaviour?
>
> As a workaround I added the role 'view-clients' to that user, but now the
> users sees to much. I only want to configure that user, so he can manage
> the roles for users & groups. Do I need to enahble the fine-grained
> permissions for that (
> https://www.keycloak.org/docs/6.0/server_admin/#_fine_grain_permissions)
>
> Thx for the answers,
>
> Kind regards,
> Robrecht
>
More information about the keycloak-user
mailing list