[keycloak-dev] Hide internal clients and roles

Bill Burke bburke at redhat.com
Wed Jun 10 10:39:11 EDT 2015



On 6/10/2015 10:15 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 10 June, 2015 4:08:16 PM
>> Subject: Re: [keycloak-dev] Hide internal clients and roles
>>
>> I think security-admin-console and realm-management should be merged in
>> non-Master realms.  In master realm, rename everything to
>> <realm>-security-admin-console.  Finally, an internal role or client
>> would not be able to be deleted.
>>
>> I don't think you should hide any roles ever.  I don't see why you would
>> want to.  I do think you should make internal clients and roles unremovable.
>
> Hiding the internal realm roles would enable a "blank slate" page on the realm roles list. Alternatively, and I actually think this is a better idea, is to make the admin and create-realm roles roles of the master-security-admin-console realm rather than realm roles. In that case all we need is "internal" clients and an option to view/hide them on the clients list.
>

Do you like the idea of merging security-admin-console and realm-management?

+1 to moving "admin" and "create-realm" to master-security-admin-console.

The "blank slate" page could be displayed if there is no *non* 
internal-clients/roles.  There could be a button or link on the Blank 
Slate page "View built-in clients" along with "create client".  I don't 
know if it is better to have a "hide built-in clients" checkbox on the 
client list page, or to just show them by default.

> Which one is it btw "an internal role or client would not be able to be deleted" or "I do think you should make internal clients and roles unremovable"?

Sorry, I repeated myself without realizing.  internal things should not 
be deletable or removable, right?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list