[keycloak-dev] Hide internal clients and roles
Bill Burke
bburke at redhat.com
Wed Jun 10 10:39:11 EDT 2015
On 6/10/2015 10:15 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 10 June, 2015 4:08:16 PM
>> Subject: Re: [keycloak-dev] Hide internal clients and roles
>>
>> I think security-admin-console and realm-management should be merged in
>> non-Master realms. In master realm, rename everything to
>> <realm>-security-admin-console. Finally, an internal role or client
>> would not be able to be deleted.
>>
>> I don't think you should hide any roles ever. I don't see why you would
>> want to. I do think you should make internal clients and roles unremovable.
>
> Hiding the internal realm roles would enable a "blank slate" page on the realm roles list. Alternatively, and I actually think this is a better idea, is to make the admin and create-realm roles roles of the master-security-admin-console realm rather than realm roles. In that case all we need is "internal" clients and an option to view/hide them on the clients list.
>
Do you like the idea of merging security-admin-console and realm-management?
+1 to moving "admin" and "create-realm" to master-security-admin-console.
The "blank slate" page could be displayed if there is no *non*
internal-clients/roles. There could be a button or link on the Blank
Slate page "View built-in clients" along with "create client". I don't
know if it is better to have a "hide built-in clients" checkbox on the
client list page, or to just show them by default.
> Which one is it btw "an internal role or client would not be able to be deleted" or "I do think you should make internal clients and roles unremovable"?
Sorry, I repeated myself without realizing. internal things should not
be deletable or removable, right?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list