<p dir="ltr">Hi!</p>
<p dir="ltr">Would be great if you could include access control so that you can administer people in group A but not in group B. </p>
<p dir="ltr">I understand that this request partially overlaps with multi-tenancy but sometimes you want to have a single instance with separated administrators. You could have, for example, a SaaS application where creating separate instances doesn't make sense.</p>
<p dir="ltr">Thanks!</p>
<p dir="ltr">Best regards,<br>
Thomas</p>
<div class="gmail_quote">On Oct 13, 2015 18:18, "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You just want something like github groups? List your requirements.<br>
<br>
I am starting on Groups next week after 1.6 goes out.<br>
<br>
On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:<br>
> Thanks Stian for the update. any more details about this group feature,<br>
> if you can pl share?<br>
> We are using composite roles currently to manage "business groups".<br>
> Since the group definitions are fixed and mutually exclusive, we are<br>
> able to manage it with composite roles.<br>
><br>
> Regards,<br>
> Subhro.<br>
><br>
> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a><br>
> <mailto:<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>>> wrote:<br>
><br>
> We are also planning on introducing groups soon. Users will be able<br>
> to belong to one or more groups and a group can have roles and/or<br>
> attributes associated with it.<br>
><br>
> On 13 October 2015 at 12:58, Subhrajyoti Moitra<br>
> <<a href="mailto:subhrajyotim@gmail.com">subhrajyotim@gmail.com</a> <mailto:<a href="mailto:subhrajyotim@gmail.com">subhrajyotim@gmail.com</a>>> wrote:<br>
><br>
> I think u can investigate composite-roles for the same.<br>
> <a href="http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207</a><br>
><br>
> The composite-roles can be client specific roles re-presenting<br>
> your organizations, and keycloak roles can be the actual<br>
> "business roles" under these composite roles.<br>
><br>
> HTH.<br>
> Subhro.<br>
><br>
> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <<a href="mailto:kunal@plivo.com">kunal@plivo.com</a><br>
> <mailto:<a href="mailto:kunal@plivo.com">kunal@plivo.com</a>>> wrote:<br>
><br>
> Hi all,<br>
><br>
> I am setting up an SSO server and i'm evaluating both CAS<br>
> and Keycloak. One of my main requirements is letting users<br>
> have multiple teams and be a part of multiple organizations.<br>
> I'm trying to wrap my head around how to do this in<br>
> Keycloak. Something on the lines of what Github does -<br>
> <a href="https://github.com/blog/674-introducing-organizations" rel="noreferrer" target="_blank">https://github.com/blog/674-introducing-organizations</a> As an<br>
> evaluation process, I've already created a POC using CAS.<br>
><br>
> I would really appreciate any pointers on how to do this<br>
> with Keycloak.<br>
><br>
> Best,<br>
><br>
> Kunal<br>
><br>
><br>
> --<br>
> *KUNAL KERKAR *| PRODUCT ENGINEER<br>
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA<br>
> Web: <a href="http://www.plivo.com" rel="noreferrer" target="_blank">www.plivo.com</a> <<a href="http://www.plivo.com/" rel="noreferrer" target="_blank">http://www.plivo.com/</a>> | Twitter: @plivo<br>
> <<a href="http://twitter.com/plivo" rel="noreferrer" target="_blank">http://twitter.com/plivo</a>>, @tsudot <<a href="http://twitter.com/tsudot" rel="noreferrer" target="_blank">http://twitter.com/tsudot</a>><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div>