Thanks for your help.
On Sun, Oct 19, 2014 at 3:05 PM, Bill Burke <bburke(a)redhat.com> wrote:
No easy way to do this. Our roadmap is pretty full at the moment so
we'd need the community to help out.
On 10/18/2014 1:25 PM, Alexander Chriztopher wrote:
> At the end of the day any customer data is at the tip of a finger of an
> admin or other people who can see all they want with an sql statement or
> even easier sometimes. I've seen a big bank who had this feature
> implemented on their online banking website and it's been validated by
> all the security audits out there and it was really helpful.
>
> Is there a nice way to get this done with Keycloak?
>
> Does anyone have an idea?
>
>
>
> On 17 Oct 2014, at 20:36, Stan Silvert <ssilvert(a)redhat.com> wrote:
>
>> On 10/17/2014 1:53 PM, Alexander Chriztopher wrote:
>>> This is not an issue in our context as it is just to secure an
>>> application where admins are publishing data to users and they would
>>> like to make sure they are publishing the right thing and nothing
>>> more which otherwise would be a big security hole. Users on the other
>>> hand will upload documents for admins.
>>>
>>> There is no such thing as bank account issues or private data
>>> issues as you mentioned.
>> I understand. But Keycloak is also used by applications where those
>> issues do exist.
>>>
>>>
>>>
>>> On 17 Oct 2014, at 19:07, Stan Silvert <ssilvert(a)redhat.com> wrote:
>>>
>>>> I see how that would be very useful but it would also be very, very
>>>> dangerous. You can't give the admin rights to just waltz into
>>>> someone's bank account.
>>>>
>>>> At the very least we would need a way for the user to give consent.
>>>>
>>>> On 10/17/2014 11:00 AM, Alexander Chriztopher wrote:
>>>>> Hi,
>>>>>
>>>>> I would like to know if there is a way to let a connected user -an
>>>>> admin- reconnect as another user -with fewer privileges- without
>>>>> providing a password.
>>>>>
>>>>> The idea is for a super user to be able to see how exactly an
>>>>> application behaves with another user without knowing that user's
>>>>> credentials.
>>>>>
>>>>> Thanks for any help.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com