Much appreciated on the info :-) .. for now we will live without it, but
good to know things are on the roadmap
On Thu, Jun 28, 2018 at 1:45 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
You are not the first one to indicate this limitation. We need to
review fine-grained admin permissions and discuss what we want or not to
There are some known limitations and I think the idea behind the
implementation would be to check how people would use this functionality.
Based on all feedback we are receiving from community, I think we can start
looking at improving this functionality.
There is https://issues.jboss.org/browse/KEYCLOAK-6127
, which I think is
related wth your problem. If so, feel free to push more details.
On Thu, Jun 28, 2018 at 7:25 AM, gambol <gambol99(a)gmail.com> wrote:
> I'm guessing this isn't possible yet but just in case, is it possible to
> provide fine-grain controls over the creation of local accounts. At the
> moment we have a project whom we to gave the ability to control membership
> of one or more groups via "User Policy" in authorization services. We
> like them to be able to "create" a user as well, but retain the above
> limitation. At the moment this doesn't look like its possible as the only
> way to get the "Add User" button is to add the "manage-users"
> "realm-management" .. This unfortunately gives the access to do anything
> they want with the users .. adding a group, delete etc etc
> Are there any plan's to extend the scopes available under the Users
> resource type? ..
> keycloak-user mailing list