[keycloak-dev] Hide internal clients and roles

Stian Thorgersen stian at redhat.com
Wed Jun 10 09:48:27 EDT 2015


Maybe by default we hide them, but have an option to view?

Disabling account client is probably better done with a realm option than removing the client though.

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Wednesday, 10 June, 2015 3:46:23 PM
> Subject: Re: [keycloak-dev] Hide internal clients and roles
> 
> I am like 50/50 . I can imagine this has some advantages as people won't
> be easily able to delete system clients/roles and break their keycloak
> server.
> 
> On the other hand, when I am admin, I might be confused why some roles
> are not in the roles list, but are in default roles list etc? Also if
> someone really knows what he is doing, this might be unwanted
> restriction - for example people may want to add more composite roles
> into "admin" role or they want to disable account client as Vlasta
> pointed etc.
> 
> Marek
> 
> On 10.6.2015 09:19, Stian Thorgersen wrote:
> > I propose we add an attribute 'kc_internal' to internal clients
> > (security-admin-console, master-realm, account, broker) and hide these
> > from the clients table.
> >
> > We should also do this to internal roles 'admin' and 'create-realm' so
> > these roles are not displayed in realm roles list. They would only be
> > hidden from this page, but still be visible in user role mapping, scope
> > mappings and default roles.
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> 


More information about the keycloak-dev mailing list