Hi Jody,
This should be fixed in 5.0.0. Could you try it out?
Regards.
Pedro Igor
On Tue, Apr 2, 2019 at 8:38 AM Jody H <j9dy1g(a)gmail.com> wrote:
Hi everyone,
I got trouble to allow users the permission to access the realm admin
console.
I want some users to be able to add users to groups, but not see any of the
client configuration etc.
I added the roles "manage-users", "view-users" and
"query-groups" to a test
user. When logging in with the test user (which I verified is logging in
with the correct user id in the Keycloak logs), I can not access the realm
admin console due to:
"Forbidden
You don't have access to the requested resource."
When I add more privileges, such as "view-realm", then I can access the
realm admin console with that test user. But this is too much permission
for my users.
This is a screenshot which shows the effective roles of the test user. The
three role mappings described above are set in a group and the test user is
member of this group.
[image: grafik.png]
Any tip on how to have the user access the admin console and only allow the
user to view clients and manage group membership?
Keycloak Server Version 4.8.3.Final
Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user