<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:13px"><div id="yui_3_16_0_1_1428975886253_2321" dir="ltr"> Hi Dev team,</div><div id="yui_3_16_0_1_1428975886253_2905" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2906" dir="ltr">The current KC model has very coarse grained roles that do not work for us, specifically in regards to the application management. Let me explain our use case.</div><div id="yui_3_16_0_1_1428975886253_2322" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2323" dir="ltr">We allow only a set of users to register/update client applications subject to the below conditions ( a simplification of our actual use case):</div><div id="yui_3_16_0_1_1428975886253_2373" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2372" dir="ltr">1) Every client application has a set of owners and only the owners of the application can register/update an application in KC in addition to the point 2) below.</div><div id="yui_3_16_0_1_1428975886253_2438" dir="ltr">2) Every application is part of a family that has a set of owners who can register/update any application within that family.</div><div id="yui_3_16_0_1_1428975886253_2635" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2662" dir="ltr">When a user logs into KC, I can query our external repository to see if the user is in say "App1 owner" role or "App1 Family Owner" role and if so, allow him to register the application (App1) in KC. I should also be able to link that "App1 owner" role to the newly registered application in KC so that when if another user belonging to "App1 owner" or "App1 Family Owner" role comes in, I should allow him to update App1 and not any other application, subject to conditions 1 and 2. </div><div id="yui_3_16_0_1_1428975886253_2843" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2855" dir="ltr">How can we achieve the above functionality in KC? Appreciate some pointers and if there is something that can be done in KC then let me know and I will put in an enhancement request.</div><div id="yui_3_16_0_1_1428975886253_2850" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2849" dir="ltr">Thanks in advance,</div><div id="yui_3_16_0_1_1428975886253_2844" dir="ltr">Raghu</div><div id="yui_3_16_0_1_1428975886253_2351" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2352" dir="ltr"><br></div><div id="yui_3_16_0_1_1428975886253_2353" dir="ltr"><br></div></div></body></html>