[keycloak-dev] Hide internal clients and roles

[Bill Burke]

I think security-admin-console and realm-management should be merged in 
non-Master realms.  In master realm, rename everything to 
<realm>-security-admin-console.  Finally, an internal role or client 
would not be able to be deleted.

I don't think you should hide any roles ever.  I don't see why you would 
want to.  I do think you should make internal clients and roles unremovable.



On 6/10/2015 9:46 AM, Marek Posolda wrote:
> I am like 50/50 . I can imagine this has some advantages as people won't
> be easily able to delete system clients/roles and break their keycloak
> server.
>
> On the other hand, when I am admin, I might be confused why some roles
> are not in the roles list, but are in default roles list etc? Also if
> someone really knows what he is doing, this might be unwanted
> restriction - for example people may want to add more composite roles
> into "admin" role or they want to disable account client as Vlasta
> pointed etc.
>
> Marek
>
> On 10.6.2015 09:19, Stian Thorgersen wrote:
>> I propose we add an attribute 'kc_internal' to internal clients (security-admin-console, master-realm, account, broker) and hide these from the clients table.
>>
>> We should also do this to internal roles 'admin' and 'create-realm' so these roles are not displayed in realm roles list. They would only be hidden from this page, but still be visible in user role mapping, scope mappings and default roles.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com