I think you should open a bug report. I agree with you that it does not
make sense to expose those other config settings (even if limited to
read-only.) Post the ticket here and I'll vote for it.
On Mon, 24 Dec 2018 at 17:14, Mandy Fung <mandy.fung(a)tasktop.com> wrote:
Thanks for the reply! This indeed allowed the user to access the realm
console. However, this also exposed other configurations that we do not
wish the admin users to see such as configuring the Realm Settings, Roles,
User Federation, and Authentication.
Is there another configuration that would allow the user to access the
admin console and only expose the manage groups and users tab?
Thanks again,
Mandy
On Sat, Dec 22, 2018 at 2:00 PM Geoffrey Cleaves <geoff(a)opticks.io> wrote:
> When I was messing with granular permissions recently I had to give the
> view-realm role in order to log into the Admin Console.
>
> On Fri, Dec 21, 2018, 19:29 Mandy Fung <mandy.fung(a)tasktop.com> wrote:
>
>> Hello,
>>
>> We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer access
>> the dedicated realm admin console (/auth/admin/{realm}/console) with the
>> same realm-management roles that they had in 4.5.0.
>>
>> We only want our admin users to manage users and groups and in 4.5.0 we
>> were able to assign the following roles to our admin users such that only
>> the "Manage > Groups" and "Manage > Users" tab show up in the realm admin
>> console: 'manage-users', 'query-groups', 'query-users', and 'view-users'.
>>
>> However, with the new upgrade to 4.7.0 these admin users with the same
>> realm-management roles assigned can no longer access the realm admin
>> console and they see a 403 Forbidden error page.
>>
>> Has anyone run into this issue recently, or are there some new realm
>> management roles added in 4.7.0 that we need to re-configure?
>>
>> Best regards,
>> Mandy
>>
>> --
>> Mandy Fung | Software Engineer 1 | Tasktop
>> email: mandy.fung(a)tasktop.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>