User account management is now always turned on. There's no option to disable it in
the realm settings, but if someone really wants to remove it they can remove the account
application.
Default roles are now assigned to all new users (self-registered, created by admin, or
imported from json). The Registration tab in the admin console is renamed to Default Roles
and is always visible.
As I said before updating default roles for exiting users is risky, and would be best
achieved with the introduction of composite roles. IMO we should hold off on this until
after the alpha has been released.
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Friday, 17 January, 2014 9:06:48 AM
Subject: Re: [keycloak-dev] more things we need
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Friday, 17 January, 2014 1:18:52 AM
> Subject: [keycloak-dev] more things we need
>
> One thing I notice from doing the tutorial:
>
> * User account management should be turned on by default
Agreed - working on this now (also removing the option to disable it, if
someone really wants that we can add it back later)
> * Default roles should be visible even without registration and
> privileges should be automatic for the Account Server for all users.
In the future this should use a default composite role, which would make the
updating of users automatically. Updating users now would be very
problematic for several reason, for example:
* Would need to update all users when a default role is added/removed
* If an admin explicitly removes some default roles for a set of users, we
could end up adding it back if the default roles are changed
How about for the alpha we rename it from "Registration" to "Default
Roles".
Then we add those roles to users created through the admin console as well
as self-registered users.
> * We don't need a User Account Management switch. Admins can just
> choose to not set a default role for user account management.
>
> I just think it will be rare to not have Acct Service turned off, so
> might as well set it up by default.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev