On Wed, May 23, 2018 at 10:18 AM, Pierre Nowak <pnowak.pierre(a)gmail.com>
wrote:
Hello,
I am struggling with setting up fine grained group management.
I would like to give a specific user access to the following actions on a
specific group:
- view only users in a specific group (don't see the whole list of users)
If you set up the permission "view-members"
<http://localhost:8180/auth/admin/master/console/#/realms/fine-grained-adm...>
for a Group, you should be able to restrict which users are shown
according to a policy. You should also make sure your user (accessing
the admin console) is assigned "query-users". Make sure "view-users"
and "manage-users" are not assigned to the user, otherwise you will see
all users.
- manage subgroups of a specific group (can add and delete subgroups). Do
not see all the group list!
I think this is not supported at the moment. I would need to take a look.
We have other RFEs and issues around this, maybe you can file a JIRA for
this particular one.
- add users to my subgroups
If you set up the permission "manage-membership"
<http://localhost:8180/auth/admin/master/console/#/realms/fine-grained-adm...>
for a Group, you should be able to restrict who can add/remove users from a
group.
When I try to set this up this gives me the view of all the groups.
Pierre
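
An added example (not part of the original thread and not Keycloak's own code): a small audit of the role setup the reply describes, checking that an admin-console user holds "query-users" but neither "view-users" nor "manage-users". The user names and role lists are constructed sample data; the input is assumed to be each user's effective realm-management client roles as a list of role representations.

```python
import json

# Constructed sample: effective "realm-management" client roles per admin,
# shaped like lists of Keycloak role representations. User names are hypothetical.
SAMPLE = json.loads("""
{
  "group-admin-ok":    [{"name": "query-users", "clientRole": true}],
  "group-admin-leak":  [{"name": "query-users", "clientRole": true},
                        {"name": "view-users", "clientRole": true}],
  "group-admin-blind": [{"name": "view-realm", "clientRole": true}],
  "group-admin-mgr":   [{"name": "query-users", "clientRole": true},
                        {"name": "manage-users", "clientRole": true}]
}
""")

REQUIRED = "query-users"                   # needed to search users at all
UNSCOPED = {"view-users", "manage-users"}  # either one shows every user


def audit_admin(roles):
    """Classify one admin from their list of role representations."""
    names = {r["name"] for r in roles if r.get("clientRole")}
    leaking = sorted(names & UNSCOPED)
    if leaking:
        # The group-level "view-members" policy no longer limits the listing.
        return ("sees-all-users", leaking)
    if REQUIRED not in names:
        return ("cannot-query-users", [REQUIRED])
    return ("group-scoped", [])


def audit_all(mappings):
    """Return {user: (status, roles to remove or add)} for every admin."""
    return {user: audit_admin(roles) for user, roles in mappings.items()}


if __name__ == "__main__":
    for user, (status, detail) in audit_all(SAMPLE).items():
        print(f"{user:18} {status:20} {', '.join(detail)}")
```
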