All access control in Keycloak is per-realm and there's currently no way you could do
per-app access control in Keycloak other than rolling your own endpoints.
----- Original Message -----
From: "Raghu Prabhala" <prabhalar(a)yahoo.com>
To: "Keycloak-user" <keycloak-user(a)lists.jboss.org>
Sent: Sunday, 1 February, 2015 1:09:09 PM
Subject: [keycloak-user] Keycloak Roles
It appears that the current "manage" roles in Keycloak seem to be cover all
clients/apps meaning app1 or client1 created by user1 can be deleted or
user2. Is that correct? If so, is there any realm specific role that would
allow users to manage only the client or applications created by them?
Taking this further, can a group of users create and manage only their
applications but not the ones created by another group of users? If not, how
can I setup or create new roles to meet that functionality which would be
provided to all uses
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user