<div dir="ltr">thanks for your help.</div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Oct 19, 2014 at 3:05 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">No easy way to do this. Our roadmap is pretty full at the moment so<br>
we'd need the community to help out.<br>
<span><br>
On 10/18/2014 1:25 PM, Alexander Chriztopher wrote:<br>
> At the end of the day any customer data is at the tip of a finger of an<br>
> admin or other people who can see all they want with an sql statement or<br>
> even easier sometimes. I've seen a big bank who had this feature<br>
> implemented on their online banking website and it's been validated by<br>
> all the security audits out there and it was really helpful.<br>
><br>
> Is there is a nice way to get this done with Keycloak ?<br>
><br>
> Anyone has an idea !<br>
><br>
><br>
><br>
> On 17 Oct 2014, at 20:36, Stan Silvert <<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a><br>
</span><span>> <mailto:<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a>>> wrote:<br>
><br>
>> On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:<br>
>>> This is not an issue in our context as it is just to secure an<br>
>>> application where admins are publishing data to users and they would<br>
>>> like to make sure they are publishing the right thing and nothing<br>
>>> more which otherwise would be a big security hole. Users on the other<br>
>>> hand will upload documents for admins.<br>
>>><br>
>>> There is nothing as such as bank accounts issues or private data<br>
>>> issues as you mentioned.<br>
>> I understand. But Keycloak is also used by applications where those<br>
>> issues do exist.<br>
>>><br>
>>><br>
>>><br>
>>> On 17 Oct 2014, at 19:07, Stan Silvert <<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a><br>
</span><span>>>> <mailto:<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a>>> wrote:<br>
>>><br>
>>>> I see how that would be very useful but it would also be very, very<br>
>>>> dangerous. You can't give the admin rights to just waltz into<br>
>>>> someone's bank account.<br>
>>>><br>
>>>> At the very least we would need a way for the user to give consent.<br>
>>>><br>
>>>> On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:<br>
>>>>> Hi,<br>
>>>>><br>
>>>>> I would like to know if there is a way to let a connected user -an<br>
>>>>> admin- reconnect as another user -with less privilegies- without<br>
>>>>> providing a password.<br>
>>>>><br>
>>>>> The idea is to be able for a super user to see how exactly an<br>
>>>>> application behaves with another user without knowing that user<br>
>>>>> credentials.<br>
>>>>><br>
>>>>> Thanks for any help.<br>
>>>>><br>
>>>>><br>
>>>>> _______________________________________________<br>
>>>>> keycloak-user mailing list<br>
>>>>> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
>>>>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
>>>><br>
>>>> _______________________________________________<br>
>>>> keycloak-user mailing list<br>
</span>>>>> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
<span class="im HOEnZb">>>>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
</span><span class="HOEnZb"><font color="#888888">--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>