Nope, that's not possible by design.

You can think about composite role as group of other roles. For example if you have composite role "admin" , which consists of 3 child roles "administer-finance" , "administer-sales" , "administer-stuff" , then it means that if you assign the role "admin" to some user, he really has permissions to administer everything (so 3 other roles).

If you need something more fine-grained, then you need something like separate composite roles for every group of roles (so in your case, one composite role for your 10 roles to be assigned to PersonA and second composite role for your 9 roles to be assigned to personB). Or if it should be even more fine-grained, then maybe composite roles is not a way to go for you.


On 11/07/16 13:36, Yunus ÖNCEL wrote:
I have a simple and short Question

is it  possible?  I want editable assigned roles (effective roles). Example A Person have a composite Role(10 Role ) and B Person have too a same composite role (9 roles) . I don't want create new composite role to a role.

Thank you 

keycloak-dev mailing list