That is a known limitation. Would you mind creating an RFE for this? There
are also other parts where you must have the "manage-*" roles to perform
actions, like those you mentioned.
Regards.
Pedro Igor
On Fri, Jun 8, 2018 at 4:10 AM, Ansari, Hasebullah <
hasebullah.ansari(a)syntlogo.de> wrote:
Hello,
I have a use case where I want to create a dedicated realm
for one organization with an admin user. But when I give the role
‘realm-admin’ to this user, he could literally do anything in this realm:
managing clients, managing users, etc. And if the user is not very
familiar with Keycloak, then he can also disturb the settings or configuration
of the realm itself. Like deleting roles from ‘realm-management’ and with
managing user with ‘manage-user’ stuff client for example. Now I have
managed to restrict this admin from doing such things, but now with the
fine-grained permissions and without the ‘manage-clients’ and ‘manage-users’ roles, I
cannot see the ‘create client’ and ‘create user’ buttons in the dedicated
realm admin console. In my use case I want the admin user to create clients
and users by himself but not manage everything as stated above.
Cheers,
Hasebullah A Ansari
Master of Engineering in IT, Heidelberg
IT Specialist / Java Entwickler
Syntlogo GmbH
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user