<div dir="ltr">The plan is to introduce more fine grained control over permissions within Keycloak in the future, but that&#39;s a separate issue to introducing group support. We will most likely leverage group support once we do improve this though.</div><div class="gmail_extra"><br><div class="gmail_quote">On 13 October 2015 at 18:59, Thomas Raehalme <span dir="ltr">&lt;<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank">thomas.raehalme@aitiofinland.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Hi!</p>
<p dir="ltr">Would be great if you could include access control so that you can administer people in group A but not in group B. </p>
<p dir="ltr">I understand that this request partially overlaps with multi-tenancy but sometimes you want to have a single instance with separated administrators. You could have, for example, a SaaS application where creating separate instances doesn&#39;t make sense.</p>
<p dir="ltr">Thanks!</p>
<p dir="ltr">Best regards,<br>
Thomas</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Oct 13, 2015 18:18, &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You just want something like github groups?  List your requirements.<br>
<br>
I am starting on Groups next week after 1.6 goes out.<br>
<br>
On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:<br>
&gt; Thanks Stian for the update. any more details about this group feature,<br>
&gt; if you can pl share?<br>
&gt; We are using composite roles currently to manage &quot;business groups&quot;.<br>
&gt; Since the group definitions are fixed and mutually exclusive, we are<br>
&gt; able to manage it with composite roles.<br>
&gt;<br>
&gt; Regards,<br>
&gt; Subhro.<br>
&gt;<br>
&gt; On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a><br>
&gt; &lt;mailto:<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;     We are also planning on introducing groups soon. Users will be able<br>
&gt;     to belong to one or more groups and a group can have roles and/or<br>
&gt;     attributes associated with it.<br>
&gt;<br>
&gt;     On 13 October 2015 at 12:58, Subhrajyoti Moitra<br>
&gt;     &lt;<a href="mailto:subhrajyotim@gmail.com" target="_blank">subhrajyotim@gmail.com</a> &lt;mailto:<a href="mailto:subhrajyotim@gmail.com" target="_blank">subhrajyotim@gmail.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;         I think u can investigate composite-roles for the same.<br>
&gt;         <a href="http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207</a><br>
&gt;<br>
&gt;         The composite-roles can be client specific roles re-presenting<br>
&gt;         your organizations, and keycloak roles can be the actual<br>
&gt;         &quot;business roles&quot; under these composite roles.<br>
&gt;<br>
&gt;         HTH.<br>
&gt;         Subhro.<br>
&gt;<br>
&gt;         On Tue, Oct 13, 2015 at 4:13 PM, Kunal K &lt;<a href="mailto:kunal@plivo.com" target="_blank">kunal@plivo.com</a><br>
&gt;         &lt;mailto:<a href="mailto:kunal@plivo.com" target="_blank">kunal@plivo.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;             Hi all,<br>
&gt;<br>
&gt;             I am setting up an SSO server and i&#39;m evaluating both CAS<br>
&gt;             and Keycloak. One of my main requirements is letting users<br>
&gt;             have multiple teams and be a part of multiple organizations.<br>
&gt;             I&#39;m trying to wrap my head around how to do this in<br>
&gt;             Keycloak. Something on the lines of what Github does -<br>
&gt;             <a href="https://github.com/blog/674-introducing-organizations" rel="noreferrer" target="_blank">https://github.com/blog/674-introducing-organizations</a> As an<br>
&gt;             evaluation process, I&#39;ve already created a POC using CAS.<br>
&gt;<br>
&gt;             I would really appreciate any pointers on how to do this<br>
&gt;             with Keycloak.<br>
&gt;<br>
&gt;             Best,<br>
&gt;<br>
&gt;             Kunal<br>
&gt;<br>
&gt;<br>
&gt;             --<br>
&gt;             *KUNAL KERKAR *| PRODUCT ENGINEER<br>
&gt;             Plivo, Inc. 340 Pine St, San Francisco - 94104, USA<br>
&gt;             Web: <a href="http://www.plivo.com" rel="noreferrer" target="_blank">www.plivo.com</a> &lt;<a href="http://www.plivo.com/" rel="noreferrer" target="_blank">http://www.plivo.com/</a>&gt; | Twitter: @plivo<br>
&gt;             &lt;<a href="http://twitter.com/plivo" rel="noreferrer" target="_blank">http://twitter.com/plivo</a>&gt;, @tsudot &lt;<a href="http://twitter.com/tsudot" rel="noreferrer" target="_blank">http://twitter.com/tsudot</a>&gt;<br>
&gt;<br>
&gt;<br>
&gt;             _______________________________________________<br>
&gt;             keycloak-user mailing list<br>
&gt;             <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt;             &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>
&gt;             <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;         _______________________________________________<br>
&gt;         keycloak-user mailing list<br>
&gt;         <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>
&gt;         <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; keycloak-user mailing list<br>
&gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div>
</div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>