Hi Nicolas,
You could try the following:
- put your users into a group;
- create another user;
- grant this user "query-groups" and "impersonation" roles (from the
"realm-management" or "master-realm" client, depending on the realm);
- go to your group, enable permissions, open "view" permission, add a
user policy to allow the user to view group, then repeat for
"view-members" permission.
Now your newly added admin user will be restricted to the contents of
the group. He won't be able to view/impersonate other users, even if he
knows the user's internal ID.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Fri, 2018-07-06 at 09:10 +0000, Nicolas Gillet wrote:
Hello,
Is it possible to grant a user the permission to view only some (not
all) users of the realm?
Same question about being allowed to impersonate only the user he is
allowed to see?
Thanks for any help :-)
Nicolas GILLET
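
Added example (not part of the original thread, and not Keycloak's own code): a check that the restriction described in the reply actually holds, by issuing user listing, lookup and impersonation requests against the Admin REST API paths as the restricted admin. The `http` callable, the `fake_keycloak` stand-in, the realm name and the user IDs are assumptions made for illustration.

```python
# Added example, not Keycloak code. `http(method, path)` must return (status, json)
# for a request made with the restricted admin's token; connecting it to a real
# server is left to the caller. The fake transport below is constructed sample data.

def audit_restricted_admin(http, realm, member_ids, outsider_ids):
    """Return findings; an empty list means the group restriction holds."""
    base = f"/admin/realms/{realm}/users"
    members, findings = set(member_ids), []

    # The user listing must contain group members only.
    status, body = http("GET", base)
    if 200 <= status < 300:
        for user in body:
            if user["id"] not in members:
                findings.append(f"listing exposes non-member {user['id']}")

    # Lookups and impersonation by known internal ID must be refused.
    for uid in outsider_ids:
        for method, path in (("GET", f"{base}/{uid}"),
                             ("POST", f"{base}/{uid}/impersonation")):
            status, _ = http(method, path)
            if 200 <= status < 300:
                findings.append(f"{method} {path} allowed ({status})")
    return findings


def fake_keycloak(all_users, visible_ids):
    """Constructed stand-in for the server: only `visible_ids` are permitted."""
    def http(method, path):
        tail = path.split("/users", 1)[1].strip("/")
        if not tail:  # GET .../users
            return 200, [u for u in all_users if u["id"] in visible_ids]
        uid = tail.split("/")[0]
        if uid not in visible_ids:
            return 403, {}
        return 200, {"id": uid}
    return http


USERS = [{"id": "u-alice"}, {"id": "u-bob"}, {"id": "u-carol"}]  # constructed IDs
GROUP = ["u-alice", "u-bob"]  # members of the restricted group

if __name__ == "__main__":
    restricted = fake_keycloak(USERS, set(GROUP))
    print(audit_restricted_admin(restricted, "demo", GROUP, ["u-carol"]))
```

Against a real server, a 2xx on the impersonation request means a session was created for that user, so run the check in a test realm.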