Thanks for the reply! This indeed allowed the user to access the realm
console. However, this also exposed other configurations that we do not
wish the admin users to see, such as configuring the Realm Settings, Roles,
User Federation, and Authentication.
Is there another configuration that would allow the user to access the
admin console and only expose the manage groups and users tab?
Thanks again,
Mandy
On Sat, Dec 22, 2018 at 2:00 PM Geoffrey Cleaves <geoff(a)opticks.io> wrote:
When I was messing with granular permissions recently I had to give the
view-realm role in order to log into the Admin Console.
On Fri, Dec 21, 2018, 19:29 Mandy Fung <mandy.fung(a)tasktop.com> wrote:
> Hello,
>
> We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer access
> the dedicated realm admin console (/auth/admin/{realm}/console) with the
> same realm-management roles that they had in 4.5.0.
>
> We only want our admin users to manage users and groups and in 4.5.0 we
> were able to assign the following roles to our admin users such that only
> the "Manage > Groups" and "Manage > Users" tab show up in the realm admin
> console: 'manage-users', 'query-groups', 'query-users', and 'view-users'.
>
> However, with the new upgrade to 4.7.0 these admin users with the same
> realm-management roles assigned can no longer access the realm admin
> console and they see a 403 Forbidden error page.
>
> Has anyone run into this issue recently, or are there some new realm
> management roles added in 4.7.0 that we need to re-configure?
>
> Best regards,
> Mandy
>
> --
>
>
> Mandy Fung | Software Engineer 1 | Tasktop
>
> email: mandy.fung(a)tasktop.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user