----- Original Message -----
From: "Vlastimil Elias" <velias(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, 8 June, 2015 1:54:11 PM
Subject: [keycloak-dev] How to assign new client default roles to existing users?
Hi,
we just found one admin use case which is not covered by existing Keycloak
and its Admin GUI.
When you create new Client later and define some default role/s for it, then
there is not any way how to assign these roles to existing users.
Problem is that default roles are assigned to users in DB when they are
created. Then admin GUI allows to assign roles for one user only, not too
useful when you have hundreds or thousands of users ;-)
Only workaround for now is to write script which uses REST API to assign new
default roles to all existing users.
I see these possible solutions:
* do not assign default roles in DB when user is created, but assign them
dynamically when user roles are asked - possible cons of this solution
is that it does not allow to remove default role from concrete/selected
users
* keep default roles assignment into DB on user create, but automatically
assign new default role to all existing users once it is defined for
client
* keep default roles assignment into DB on user create, but add some
manual bulk role assignment action into Admin GUI, which allows admin to
assign role to existing users.
WDYT, which solution should be better?
Or, create a composite role called 'default' and have this as the only default
role. Afterwards you can map new roles to this composite role and it'll be reflected
for all users that have the 'default' role assigned to them.
Cheers
Vlastimil
--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev