No easy way to do this. Our roadmap is pretty full at the moment so
we'd need the community to help out.
On 10/18/2014 1:25 PM, Alexander Chriztopher wrote:
At the end of the day any customer data is at the tip of a finger of
an
admin or other people who can see all they want with an sql statement or
even easier sometimes. I've seen a big bank who had this feature
implemented on their online banking website and it's been validated by
all the security audits out there and it was really helpful.
Is there is a nice way to get this done with Keycloak ?
Anyone has an idea !
On 17 Oct 2014, at 20:36, Stan Silvert <ssilvert(a)redhat.com
<mailto:ssilvert@redhat.com>> wrote:
> On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:
>> This is not an issue in our context as it is just to secure an
>> application where admins are publishing data to users and they would
>> like to make sure they are publishing the right thing and nothing
>> more which otherwise would be a big security hole. Users on the other
>> hand will upload documents for admins.
>>
>> There is nothing as such as bank accounts issues or private data
>> issues as you mentioned.
> I understand. But Keycloak is also used by applications where those
> issues do exist.
>>
>>
>>
>> On 17 Oct 2014, at 19:07, Stan Silvert <ssilvert(a)redhat.com
>> <mailto:ssilvert@redhat.com>> wrote:
>>
>>> I see how that would be very useful but it would also be very, very
>>> dangerous. You can't give the admin rights to just waltz into
>>> someone's bank account.
>>>
>>> At the very least we would need a way for the user to give consent.
>>>
>>> On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:
>>>> Hi,
>>>>
>>>> I would like to know if there is a way to let a connected user -an
>>>> admin- reconnect as another user -with less privilegies- without
>>>> providing a password.
>>>>
>>>> The idea is to be able for a super user to see how exactly an
>>>> application behaves with another user without knowing that user
>>>> credentials.
>>>>
>>>> Thanks for any help.
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user