<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It seems that you can instead use this
endpoint for role-by-id:
<a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/roles-by-id/%7Brole-id%7D/composites/index.html">http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/roles-by-id/%7Brole-id%7D/composites/index.html</a>
. This one should require just "view-realm" permissions.<br>
<br>
Marek<br>
<br>
On 20.5.2015 16:04, Maciej Szewczykowski wrote:<br>
</div>
<blockquote
cite="mid:e3e56bcc0e3f48b8941c77e9cbf43814@THHSTE15D3BE5.hs20.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.Stylwiadomocie-mail17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m working on a simple security service
for enterprise application, and one of the requirements is to
be able to determine list of application roles (composites, if
I get the vocabulary right) for each user that has
successfully signed in. User credentials are naturally
acquired from session token. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">According to the REST API docs, you can
acquire list of application roles for a given realm role with
the following request:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#2F5597">/admin/realms/{realm}/roles/{realm_role}/composites<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It turns out however that in order to be
successfully executed, this request requires the user to have
„manage-realm” effective role assigned. This will naturally be
the case only for admin users.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So I’d much appreciate if you could tell
whether there is a way (using REST API or
User/RoleRepresentation objects) to get list of application
roles for a given realm role without the need of having
„manage-realm” role assigned.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you in advance for your help.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;mso-fareast-language:PL">Best
Regards,<o:p></o:p></span></p>
<table class="MsoNormalTable"
style="background:white;border-collapse:collapse"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" cellpadding="0" border="0">
<tbody>
<tr style="height:9.0pt">
<td style="padding:0cm 0cm 0cm 0cm;height:9.0pt">
<p class="MsoNormal" style="line-height:9.0pt"><b><span
style="font-size:9.0pt;color:#0084AF;mso-fareast-language:EN-GB">Maciej
Szewczykowski
<o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal" style="line-height:7.5pt"><span
style="font-size:7.5pt;color:#0084AF;mso-fareast-language:EN-GB">Java
Developer<o:p></o:p></span></p>
</td>
</tr>
<tr style="height:3.0pt">
<td style="padding:0cm 0cm 0cm 0cm;height:3.0pt">
<div class="MsoNormal" style="text-align:center"
align="center"><span
style="font-size:2.0pt;font-family:"Times
New
Roman",serif;mso-fareast-language:EN-GB">
<hr style="color:#A0A0A0" align="center"
noshade="noshade" size="2" width="100%">
</span></div>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal"
style="mso-line-height-alt:6.0pt"><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">T
+44 01628 539 800</span><span
style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#69747A;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal"
style="mso-line-height-alt:6.0pt"><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">E
<a class="moz-txt-link-abbreviated" href="mailto:firstname.lastname@pjmedia.co.uk">firstname.lastname@pjmedia.co.uk</a><o:p></o:p></span></p>
</td>
</tr>
<tr style="height:3.0pt">
<td style="padding:.75pt .75pt .75pt
.75pt;height:3.0pt"><br>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal"
style="mso-line-height-alt:6.0pt"><b><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">PJ
Media Limited,</span></b><b><span
style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#69747A;mso-fareast-language:EN-GB"
lang="EN-US"><o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal"
style="mso-line-height-alt:6.0pt"><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Plac
</span><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Wolności
</span><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">21,
05-825<o:p></o:p></span></p>
</td>
</tr>
<tr style="height:7.5pt">
<td style="padding:0cm 0cm 0cm 0cm;height:7.5pt">
<p class="MsoNormal"
style="mso-line-height-alt:6.0pt"><span
style="font-size:7.5pt;color:#69747A;mso-fareast-language:EN-GB">Grodzisk
Mazowiecki, Warsaw, Poland<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="text-align:center"
align="center"><a moz-do-not-send="true"
href="http://www.brandpath.com/"><span
style="font-size:12.0pt;font-family:"Times
New Roman",serif;color:blue;border:none
windowtext
1.0pt;padding:0cm;mso-fareast-language:PL;text-decoration:none"><img
id="Picture_x0020_21"
src="cid:part1.08060701.05050702@redhat.com"
alt="Brandpath" border="0" height="146"
width="204"></span></a><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;color:#71787D;mso-fareast-language:EN-GB" lang="EN-US"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span
style="font-size:7.0pt;mso-fareast-language:PL">PJ MEDIA
LIMITED | Registered in England and Wales no. 04946760 |
Registered Office: Network House, Third Avenue, Globe Park,
Marlow, Buckinghamshire, SL7 1EY, United Kingdom | Web site:
<a class="moz-txt-link-freetext" href="http://www.pjmedia.co.uk">http://www.pjmedia.co.uk</a></span><span
style="font-size:7.0pt;font-family:"Arial",sans-serif;color:#71787D;mso-fareast-language:JA"
lang="EN-US"><o:p></o:p></span></p>
<div
style="mso-element:para-border-div;border:none;border-bottom:solid
windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><span
style="font-size:7.0pt;mso-fareast-language:PL"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br clear="all">
The contents of this message and any attachments to it are
confidential and may be legally privileged. If you have received
this message in error you should delete it from your system
immediately and advise the sender. To any recipient of this
message within PJ Media, unless otherwise stated, you should
consider this message and attachments as PJ Media confidential.<br>
<br>
PJ MEDIA LIMITED,<br>
Registered in England no. 04946760<br>
Address: Network House, Third Avenue, Globe Park, Marlow, SL7 1EY,
United Kingdom<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>