[keycloak-dev] Hide internal clients and roles

Stian Thorgersen stian at redhat.com
Wed Jun 10 10:02:08 EDT 2015


I think we should make the console easier to use for regular users so I reckon we should not display them by default, then have an option to view them for advanced users.

This would also allow us to have a "Blank Slate" page when a user installs a new server or creates a new realm. In this case instead of showing an empty table we can show a piece of text that describes what clients are, etc. This was one of the recommendations we got from UXC guys (see https://www.patternfly.org/patterns/blank-slate/)

----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Wednesday, 10 June, 2015 3:56:36 PM
> Subject: Re: [keycloak-dev] Hide internal clients and roles
> 
> On 10.6.2015 15:48, Stian Thorgersen wrote:
> > Maybe by default we hide them, but have an option to view?
> yeah. Or display them in the list, but with some different color/flag
> and when someone click on it, it will display some confirmation dialog
> with "You are trying to access internal client. Are you sure you know
> what are doing?" or something like that. But I am not sure about the
> usability of this though...
> 
> Marek
> >
> > Disabling account client is probably better done with a realm option than
> > removing the client though.
> >
> > ----- Original Message -----
> >> From: "Marek Posolda" <mposolda at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev"
> >> <keycloak-dev at lists.jboss.org>
> >> Sent: Wednesday, 10 June, 2015 3:46:23 PM
> >> Subject: Re: [keycloak-dev] Hide internal clients and roles
> >>
> >> I am like 50/50 . I can imagine this has some advantages as people won't
> >> be easily able to delete system clients/roles and break their keycloak
> >> server.
> >>
> >> On the other hand, when I am admin, I might be confused why some roles
> >> are not in the roles list, but are in default roles list etc? Also if
> >> someone really knows what he is doing, this might be unwanted
> >> restriction - for example people may want to add more composite roles
> >> into "admin" role or they want to disable account client as Vlasta
> >> pointed etc.
> >>
> >> Marek
> >>
> >> On 10.6.2015 09:19, Stian Thorgersen wrote:
> >>> I propose we add an attribute 'kc_internal' to internal clients
> >>> (security-admin-console, master-realm, account, broker) and hide these
> >>> from the clients table.
> >>>
> >>> We should also do this to internal roles 'admin' and 'create-realm' so
> >>> these roles are not displayed in realm roles list. They would only be
> >>> hidden from this page, but still be visible in user role mapping, scope
> >>> mappings and default roles.
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> 
> 


More information about the keycloak-dev mailing list