Hi everyone, I got trouble to allow users the permission to access the realm admin console. I want some users to be able to add users to groups, but not see any of the client configuration etc. I added the roles "manage-users", "view-users" and "query-groups" to a test user. When logging in with the test user (which I verified is logging in with the correct user id in the Keycloak logs), I can not access the realm admin console due to: "Forbidden You don't have access to the requested resource." When I add more privileges, such as "view-realm", then I can access the realm admin console with that test user. But this is too much permission for my users. This is a screenshot which shows the effective roles of the test user. The three role mappings described above are set in a group and the test user is member of this group. [image: grafik.png] Any tip on how to have the user access the admin console and only allow the user to view clients and manage group membership? Keycloak Server Version 4.8.3.Final Thanks! _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user