On 10. Jul 2018, at 13:59, Dmitry Telegin <dt(a)acutus.pro&gt; wrote: Hi Torsten, AFAIK this cannot be done out of the box. However, per [1], > At the moment there are two roles associated with the account > application: > > * view-profile - retrive the user profile (produces json) > * manage-account - management the account (produces html, and > consumes forms) (there's also manage-account-links now, but this is not important here) Thus, you can revoke manage-account (but let view-profile) and create your own profile page that would retrieve JSON and render it the way you like. [1] http://lists.jboss.org/pipermail/keycloak-dev/2013-November/000678. html Cheers, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic +42 (022) 888-30-71 E-mail: info(a)acutus.pro On Fri, 2018-07-06 at 14:04 +0200, Torsten Juergeleit wrote: > Hi everyone, > > we have the requirement, that the users are not able to change their > account details (email, first name, last name) in Keycloak's account > client. We need read-only access to the admin client, so removing the > admin > client from the realm is not an option. > > Is there any way to achieve this other than blocking any post to > "/auth/realms/<realm>/account/" in our reverse proxy? > > Cheers, > Torsten > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user