<div dir="ltr">Hi all,<div>I'm trying to use KC for a suite of multitenant webapps. Each tenant/customer has a separated realm and I use a custom Federation Provider to map users and roles to my company's legacy custom ACL database. Customers also want to manage/create users by their own, but I don't want they manage other realm stuff like Federation Provider parameters, client apps, etc, so I have to provide to some users of each realm the only roles of "manage-user"/"view-users" from the app realm-management, so they can only view the Manage User option in the realm Console.</div><div>The problem is that through the console they may promote themselves assigning to existing users or to new users the role of "manage-realm" and after a simple refresh they can manage the entire realm.</div><div>Is there a way to avoid this or am I wrong to do this?</div><div>One more question connected to this one: is there a way to localize also the realm console? If my customers have to manage their own users, they would read labels and messages in their own languages.</div><div>Thank you very much for your time and for your great and versatile product.</div><div><br></div><div>Best regards</div><div>--Vito</div></div>