I agree it should be manage-users. JIRA please
One caveat: at the moment manage-users allows a user to assign the admin role to
himself, as there are no restrictions on what roles can be assigned to users.
This is something we're looking at improving hopefully for 1.8.
On 27 November 2015 at 09:53, Gregor Tudan <Gregor.Tudan(a)cofinpro.de> wrote:
Hi everyone,
while I totally agree that any configuration of the bruteforce-detection
should require the realm-management role, I’d like to raise the question if
clearing failed attempts should be that restrictive.
This affects the following service endpoints:
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames
We would like to enable callcenter agents to unlock specific users, but
giving them realm-management permissions doesn't feel right. Wouldn’t
user-management be more appropriate permissions for these endpoints, or are
there side effects to consider?
Thanks,
Gregor
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user