I am like 50/50 . I can imagine this has some advantages as people won't
be easily able to delete system clients/roles and break their keycloak
server.
On the other hand, when I am admin, I might be confused why some roles
are not in the roles list, but are in default roles list etc? Also if
someone really knows what he is doing, this might be unwanted
restriction - for example people may want to add more composite roles
into "admin" role or they want to disable account client as Vlasta
pointed etc.
Marek
On 10.6.2015 09:19, Stian Thorgersen wrote:
I propose we add an attribute 'kc_internal' to internal
clients (security-admin-console, master-realm, account, broker) and hide these from the
clients table.
We should also do this to internal roles 'admin' and 'create-realm' so
these roles are not displayed in realm roles list. They would only be hidden from this
page, but still be visible in user role mapping, scope mappings and default roles.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev