Re: [keycloak-user] User cannot assign client Role to user with just

Hi Robrecht, That’s exactly how we do it, give the user query-clients and fine-grained permissions on every client he is allowed to see. Best regards, Sebastian Mit freundlichen Grüßen / Best regards Dr.-Ing. Sebastian Schuster Open Source Services (INST-CSS/BSV-OS2) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic -----Ursprüngliche Nachricht----- Von: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; Im Auftrag von robrecht anrijs Gesendet: Mittwoch, 11. September 2019 13:43 An: keycloak-user(a)lists.jboss.org Betreff: [keycloak-user] User cannot assign client Role to user with just Hi keycloak users, We recently upgraded from keycloak 3.4.3 to 6.0.1, and noticed that a user with the roles 'manage-users' and 'view-users' on the client 'realm-management' cannot see the list of client roles any more. Because of that, the user cannot assing a specific client role to a group or a user. Screenshot: I[image: image.png] Is this a bug? Or is expected behaviour? As a workaround I added the role 'view-clients' to that user, but now the users sees to much. I only want to configure that user, so he can manage the roles for users & groups. Do I need to enahble the fine-grained permissions for that ( https://www.keycloak.org/docs/6.0/server_admin/#_fine_grain_permissions) Thx for the answers, Kind regards, Robrecht