6:55 a.m.
Hi Team,
We are currently planning to integrate our application with keycloak in
order to achieve multi-tenancy. We have hierarchy like :
1) Super Admin : Who have access to eveything and will create tenant.
2) Tenant Admin : This admin can create their Members and one tenant
admin cannot see the data of another tenant admin or Tenant. Also he
could not able to see any details of Super Admin.
3) Members : Member are specific to Tenant. Member have rights to
create their employees and roles which are applicable for their
employees. But Member cannot see details of other Members or their
Tenant Admin.
4) Employees : Employees are users who can only have view permissions
for role applicable to them and manage their profile. He could not able
to see any details of Member or Tenant.
QUestions :
I have created admin and tenant. I have link admin with Super Admin
and Tenant Admin with Realm admin. For Member I linked it with Client
but somehow I don't find the way to manage it. As I am not able to
create Employees from member (Not able to get Add options for users and
If I enable manage users or view users role from tenant admin than I can
also see data of tenant which is wrong).
Kindly provide the way to achieve these hierarchy.
Thank you,
Dhara Basida
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
8:34 a.m.
Hi,
Did you take a look at
https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions ?
There are some well-known limitations, but it is a great tool to restrict
what users can manage in a realm.
On Thu, Jul 25, 2019 at 8:20 AM Dhara Basida <dhara.basida(a)azilen.com>
wrote:
Hi Team,
We are currently planning to integrate our application with keycloak in
order to achieve multi-tenancy. We have hierarchy like :
1) Super Admin : Who have access to eveything and will create tenant.
2) Tenant Admin : This admin can create their Members and one tenant
admin cannot see the data of another tenant admin or Tenant. Also he
could not able to see any details of Super Admin.
3) Members : Member are specific to Tenant. Member have rights to
create their employees and roles which are applicable for their
employees. But Member cannot see details of other Members or their
Tenant Admin.
4) Employees : Employees are users who can only have view permissions
for role applicable to them and manage their profile. He could not able
to see any details of Member or Tenant.
QUestions :
I have created admin and tenant. I have link admin with Super Admin
and Tenant Admin with Realm admin. For Member I linked it with Client
but somehow I don't find the way to manage it. As I am not able to
create Employees from member (Not able to get Add options for users and
If I enable manage users or view users role from tenant admin than I can
also see data of tenant which is wrong).
Kindly provide the way to achieve these hierarchy.
Thank you,
Dhara Basida
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1716
days inactive
1735
days old
1 comments
2 participants
participants (2)
-
Dhara Basida -
Pedro Igor Silva