Hello Keycloak Team,
just stumbled upon the RFC and thought that it might be a good fit for
Security Event Token (SET), RFC 8417! Standardizes a method of using JWT
(with optional JWS signing, and JWE encryption) to describe a statement of
fact about a security subject.
there are two global roles, admin and create-realm, but we would like to add
a third one, call it reporting, that has read-only access to all settings in
every realm (so all of the view- and query- permissions).
We can create the role as a composite with permissions over every realm, but
if a new realm is added later, the reporting role has no access unless we
explicitly grant it.
Is it possible for us to add a global role by creating a new realm role in
the master realm, and giving it a particular configuration and/or set of
Peter K. Boucher