Re: [keycloak-user] Give access to his account to a client

Hello everyone, i find the anwser by myself to my question. I followed the instructions given for "fine grained permissions" here: https://www.keycloak.org/docs/latest/server_admin/index.html#_fine_grain_... But I do not have the expected result. Here is my configuration : - I created a group "admin" and gave it the role "query-client" on the client "realm-management" of the kingdom concerned - For the client "Test" for which I wish to give access (for management) to a dedicated user, I created a policy with the right to manage for the group concerned "admin", via the "permissions" tab. - I added the relevant user "Test" in this group "admin. And the result is: "Forbidden.You do not have access to the requested resource" ... If I add the role "view-ream" to the group "admin" on the client "realm-management" of the kingdom concerned, it's OK, but the user "test" also reads the whole configuration of the kingdom, which is not desirable. Did I miss something? thank you in advance ----- Mail original ----- De: "Francois Gourrier" <francois.gourrier(a)libre-logic.fr&gt; À: keycloak-user(a)lists.jboss.org Envoyé: Mercredi 27 Février 2019 15:59:33 Objet: [keycloak-user] Give access to his account to a client Hello everyone, we are currently using keycloak. We created several clients on a realm. To simplify the management of URIs, we would like to give the management of his account to each client. T he REST API allows to modify the account but it is not necessary that a customer can go to see the configuration of the other customers, which is nevertheless possible if he has the rights of access to the service (unless one can restrict access to a client). Another track would be that a customer connects to his account via the back office. A track to meet the need? Thank you in advance. François GOURRIER _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user