[keycloak-dev] Hide internal clients and roles

Marek Posolda mposolda at redhat.com
Wed Jun 10 10:07:36 EDT 2015


+1

On 10.6.2015 16:02, Stian Thorgersen wrote:
> I think we should make the console easier to use for regular users so I reckon we should not display them by default, then have an option to view them for advanced users.
>
> This would also allow us to have a "Blank Slate" page when a user installs a new server or creates a new realm. In this case instead of showing an empty table we can show a piece of text that describes what clients are, etc. This was one of the recommendations we got from UXC guys (see https://www.patternfly.org/patterns/blank-slate/)
>
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Wednesday, 10 June, 2015 3:56:36 PM
>> Subject: Re: [keycloak-dev] Hide internal clients and roles
>>
>> On 10.6.2015 15:48, Stian Thorgersen wrote:
>>> Maybe by default we hide them, but have an option to view?
>> yeah. Or display them in the list, but with some different color/flag
>> and when someone click on it, it will display some confirmation dialog
>> with "You are trying to access internal client. Are you sure you know
>> what are doing?" or something like that. But I am not sure about the
>> usability of this though...
>>
>> Marek
>>> Disabling account client is probably better done with a realm option than
>>> removing the client though.
>>>
>>> ----- Original Message -----
>>>> From: "Marek Posolda" <mposolda at redhat.com>
>>>> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev"
>>>> <keycloak-dev at lists.jboss.org>
>>>> Sent: Wednesday, 10 June, 2015 3:46:23 PM
>>>> Subject: Re: [keycloak-dev] Hide internal clients and roles
>>>>
>>>> I am like 50/50 . I can imagine this has some advantages as people won't
>>>> be easily able to delete system clients/roles and break their keycloak
>>>> server.
>>>>
>>>> On the other hand, when I am admin, I might be confused why some roles
>>>> are not in the roles list, but are in default roles list etc? Also if
>>>> someone really knows what he is doing, this might be unwanted
>>>> restriction - for example people may want to add more composite roles
>>>> into "admin" role or they want to disable account client as Vlasta
>>>> pointed etc.
>>>>
>>>> Marek
>>>>
>>>> On 10.6.2015 09:19, Stian Thorgersen wrote:
>>>>> I propose we add an attribute 'kc_internal' to internal clients
>>>>> (security-admin-console, master-realm, account, broker) and hide these
>>>>> from the clients table.
>>>>>
>>>>> We should also do this to internal roles 'admin' and 'create-realm' so
>>>>> these roles are not displayed in realm roles list. They would only be
>>>>> hidden from this page, but still be visible in user role mapping, scope
>>>>> mappings and default roles.
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>



More information about the keycloak-dev mailing list