Re: [keycloak-user] Realm Level Admin
This is not possible at the moment. It's something that I'd imagine would be
needed, and at a more fine-grained control. I can imagine scenarios such as:
* Devs that are allowed to create/edit apps, but not manage users
* Devs that can create clients, but not applications
* Managers that are allowed to view user details, but not reset passwords, etc.
* Admins that can do everything for a single realm, or for all realms
We don't have anything planned at the moment though, and what you're proposing
could be a sensible starting point. Please create a JIRA ;)
----- Original Message -----
From: "Travis De Silva" <traviskds(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 12 February, 2014 6:48:09 AM
Subject: [keycloak-user] Realm Level Admin
I have not been able to figure out if we can have Realm level admins. My use
case is:
We have keycloak application wide super admins. They can create new realms,
go into any realm and create users, applications etc. Just how the default
admin user operates now.
Then within a Realm, for example lets say Demo realm, can we have a different
admin user (e.g demo realm admin) who can perform all the tasks but only
within that Realm. That user will not be able to view the other realms (i.e
it should not display the realm selection drop down and also should not be
able to create new realms.
Thoughts? I am happy to raise a feature request in Jira if this is currently
not possible and doable in a future release as I believe this feature will
increase user adoption, especially for applications that are built with
multi-tenancy functionality.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user