Hi Cedric,
Indeed, the roles/{role-name}/users endpoint returns assigned roles only. OTOH, for a
single user it is possible to retrieve the list of effective roles, which is computed.
You can file an improvement request at JIRA, but I'm not sure if it will be accepted.
To implement it in an efficient way, effective roles should be cached in the DB, that
means significant changes to the codebase.
Meanwhile, you can implement this piece of functionality as an extension to Keycloak. Let
me know if that is interesting for you, so I'd elaborate.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Mon, 2018-07-23 at 18:36 +0200, Cedric Vidaillac wrote:
Hi all,
I'm trying things with the admin CLI, I want to get all users that have a
specified role,
So I'm using this :
GET /{realm}/clients/{id}/roles/{role-name}/users
Then, we decided it was really easier to manage users by assigning them to
a default group, then assigning roles to my default group... than assigning
roles for each users everytime...
So when I lookup any user now, on the "role mapping" tab, I can see the
desired role on the "*Effective Roles*" column, good.
However, the API above only return users which have the role in the "Assigned
Roles", even though my user have the role through the group.
So I this normal or is it a bug ?
As the goal of the API is to " Return List of Users that have the specified
role name" I'd say it's a bug, but maybe I'm not seeing clear.
Thanks for reading.
Cedric.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user