This is not possible at the moment. It's something that I'd imagine would be needed, and with more fine-grained control. I can imagine scenarios such as:
* Devs that are allowed to create/edit apps, but not manage users
* Devs that can create clients, but not applications
* Managers that are allowed to view user details, but not reset passwords, etc.
* Admins that can do everything for a single realm, or for all realms
We don't have anything planned at the moment though, and what you're proposing could be a sensible starting point. Please create a JIRA ;)
----- Original Message -----
> From: "Travis De Silva" <traviskds@gmail.com>
> To: keycloak-user@lists.jboss.org
> Sent: Wednesday, 12 February, 2014 6:48:09 AM
> Subject: [keycloak-user] Realm Level Admin
>
> I have not been able to figure out if we can have Realm level admins. My use
> case is:
>
> We have keycloak application wide super admins. They can create new realms,
> go into any realm and create users, applications etc. Just how the default
> admin user operates now.
>
> Then within a Realm, for example let's say Demo realm, can we have a different
> admin user (e.g. demo realm admin) who can perform all the tasks but only
> within that Realm? That user will not be able to view the other realms (i.e.
> it should not display the realm selection drop down and also should not be
> able to create new realms).
>
> Thoughts? I am happy to raise a feature request in Jira if this is currently
> not possible and doable in a future release as I believe this feature will
> increase user adoption, especially for applications that are built with
> multi-tenancy functionality.