<div dir="ltr">Realm roles vs client roles are there to give you an option. You can use one or both, it's up to you.<div><br></div><div>In general realm roles would be roles that are global to your organization (for example sales, admin, etc..). While client roles would be roles that are specific to the client.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 11 February 2016 at 07:33, Renann Prado <span dir="ltr"><<a href="mailto:darkness.renann@gmail.com" target="_blank">darkness.renann@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I'm pretty new to keycloak. Amazing application btw.</div><div>It's working very well, however I found strange/confusing that I have to create roles in the level of the realm, then per client and then assign to each user.</div><div>What I mean is: why don't we have the roles created in the level of the realm and then we just assign per application user or is there an option to make that happen?</div><div>Otherwise I have to keep creating roles for all clients, then assigning for all users. In my case there aren't many users/roles/applications, so it's fine. But it would be nice to know how to do that.</div><div><br></div><div>Thanks</div><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div>Renann Prado</div></div>
</font></span></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>