Re: [keycloak-user] Authorization Services - Admin Console
You are not the first one to indicate this limitation. We need to plan a
review fine-grained admin permissions and discuss what we want or not to
support.
There are some known limitations and I think the idea behind the
implementation would be to check how people would use this functionality.
Based on all feedback we are receiving from community, I think we can start
looking at improving this functionality.
There is https://issues.jboss.org/browse/KEYCLOAK-6127, which I think is
related wth your problem. If so, feel free to push more details.
Regards.
Pedro Igor
On Thu, Jun 28, 2018 at 7:25 AM, gambol <gambol99(a)gmail.com> wrote:
Hiya
I'm guessing this isn't possible yet but just in case, is it possible to
provide fine-grain controls over the creation of local accounts. At the
moment we have a project whom we to gave the ability to control membership
of one or more groups via "User Policy" in authorization services. We would
like them to be able to "create" a user as well, but retain the above
limitation. At the moment this doesn't look like its possible as the only
way to get the "Add User" button is to add the "manage-users" role
from
"realm-management" .. This unfortunately gives the access to do anything
they want with the users .. adding a group, delete etc etc
Are there any plan's to extend the scopes available under the Users
resource type? ..
Rohith
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user