I agree it should be manage-users. JIRA please

One caveat: at the moment manage-users allows a user to assign the admin role to himself, as there are no restrictions on what roles can be assigned to users. This is something we're looking at improving, hopefully for 1.8.

On 27 November 2015 at 09:53, Gregor Tudan <Gregor.Tudan@cofinpro.de> wrote:
Hi everyone,

while I totally agree that any configuration of the bruteforce-detection should require the realm-management role, I’d like to raise the question if clearing failed attempts should be that restrictive.

This affects the following service endpoints:

DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames

We would like to enable call center agents to unlock specific users, but giving them realm-management permissions doesn't feel right. Wouldn't user-management be a more appropriate permission for these endpoints, or are there side effects to consider?


keycloak-user mailing list