Nope, that's not possible by design.
You can think about composite role as group of other roles. For
example if you have composite role "admin" , which consists of 3
child roles "administer-finance" , "administer-sales" ,
"administer-stuff" , then it means that if you assign the role
"admin" to some user, he really has permissions to administer
everything (so 3 other roles).
If you need something more fine-grained, then you need something
like separate composite roles for every group of roles (so in your
case, one composite role for your 10 roles to be assigned to
PersonA and second composite role for your 9 roles to be assigned
to personB). Or if it should be even more fine-grained, then maybe
composite roles is not a way to go for you.
On 11/07/16 13:36, Yunus ÖNCEL wrote:
I have a simple and short Question
is it possible? I want editable assigned roles (effective
roles). Example A Person have a composite Role(10 Role ) and B
Person have too a same composite role (9 roles) . I don't want
create new composite role to a role.
keycloak-dev mailing list