Hi,
Thanks for the input. I added the View permission. Still no luck. :-/
Regards
/Daniel
-----Original Message-----
From: Pedro Igor Silva <psilva(a)redhat.com>
Sent: den 6 april 2018 13:59
To: Hammarberg, Daniel
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Set up fine grained permissions
Hi Daniel,
Did you try to configure the "view" permission for your client? Try to define
the same policy to the "view" permission just like you did to the
"manage" permission.
It may look strange as you already have the "manage" permission granting you
access, but it is how it works. Let me know if it works and we'll create a JIRA to
discuss the problem in more detail.
On Fri, Apr 6, 2018 at 3:33 AM, Hammarberg, Daniel <
daniel.hammarberg(a)capgemini.com> wrote:
Hi all,
Does anyone have any input on this? We are really stuck on this one...
Regards
/Daniel
-----Original Message-----
From: Hammarberg, Daniel <daniel.hammarberg(a)capgemini.com>
Sent: den 3 april 2018 09:58
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Set up fine grained permissions
Hi all,
I am trying to set up fine grained permissions, following the
instructions at
http://www.keycloak.org/docs/latest/server_admin/index.html#_fine_grain_permissions
I don’t manage to set permissions for a user to view one client. Could
anyone help me to find what’s missing?
My settings:
In the Users menu:
User cm_g123456 is a member of the group “Content Managers”.
The group Content Managers is mapped to the realm role “Content Manager”
and the client roles realm-management -> query-clients and view-users
If I open the user cm_g123456 and check the Effective Roles under Role
Mappings, I can see that Content Manager is active.
The user cm_g123456 also has the client role realm-management ->
query-clients
In the Clients menu:
I open my client, “foo.com”.
Permissions are enabled. I have the following permission:
  Name: manage.permission.client.manageSkfCom
  Scopes: manage
  Apply Policy: content-managers
  Decision Strategy: Unanimous
I have the following policy:
  Name: content-managers
  Realm Roles:
    Name: Content Manager
    Required: checked
  Logic: Positive
When I log in to the admin console as the user cm_g123456, I cannot
see any clients. Also, when opening a user I cannot see any client
roles in the Available Roles list under Role Mappings.
Best regards
/Daniel