Re: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user?

I assume this issue is fixed in 6.0.1 with this PR: https://github.com/keycloak/keycloak/pull/5893/files Best regards, Sebastian Mit freundlichen Grüßen / Best regards Dr.-Ing. Sebastian Schuster Open Source Services (INST-CSS/BSV-OS2) Bosch Software Innovations  GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic -----Ursprüngliche Nachricht----- Von: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; Im Auftrag von EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2) Gesendet: Mittwoch, 17. Juli 2019 17:43 An: Huw McNamara <huwmcnamara(a)msn.com>; keycloak-user(a)lists.jboss.org Betreff: Re: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user? Hi Huw, Thanks for your reply! I added the info to the JIRA ticket. Best regards Benjamin Von: Huw McNamara <huwmcnamara(a)msn.com&gt; Gesendet: Mittwoch, 17. Juli 2019 17:32 An: EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2) <external.Benjamin.Weimer(a)bosch-si.com>; keycloak-user(a)lists.jboss.org Betreff: Re: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user? Hi Benjamin, There's an open bug for view-realm being needed to access the credentials tab for clients https://issues.jboss.org/browse/KEYCLOAK-10782. Maybe they are related and you could add the info to the JIRA ticket? Although fine grain permissions are tech preview. Thanks, Huw ________________________________ From: keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lis ts.jboss.org> <keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@li sts.jboss.org>> on behalf of EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2) <external.Benjamin.Weimer@bosch-si.com<mailto:external.Benjamin.Weimer @bosch-si.com>> Sent: 17 July 2019 15:39 To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Subject: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user? Hi all, we are using fine grain permissions in Keycloak to set the rights to edit certain users and have noticed that the roles "manage-users" and "query-realm" of the "realm-management" client are not sufficient to view and edit single users. The "view-realm" role seems to be needed for that. Can you explain me why this role is needed for this action? Best regards and thanks in advance Benjamin Weimer _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user