[keycloak-dev] Admin Fine Grained Permissions

Right now, when you enable fine-grained permissions to users you must grant to a specific user the "manage-users" roles. Otherwise, you will not be able to see the "Add User" button even though you have a permission granting the "manage" scope. It is quite weird actually, because you can delete users. This is because in UI we are checking only for "manage-users" when deciding if this button should be shown or not. One thing we could do here is change admin console to query for current user permissions using the Entitlement API and use the permissions returned in the RPT to decide whether or not something in the UI should be displayed. I did some tests here and this approach seems to work fine and I think it will improve a lot how we are handling permissions in admin console. Regards. Pedro Igor