[keycloak-dev] Realm role to see groups and roles (only)

Erik Berdonces Bonelo e.berdoncesbonelo at campus.tu-berlin.de
Wed Nov 16 13:31:06 EST 2016


Hello everyone,

I’m checking the different realm roles (listed here: https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/admin-console-permissions/master-realm.html).
I’m trying to allow a user to only view the list of groups and roles available in the realm. I’d like not to allow him to list all the users, as this would be a bit too dangerous.

Is there any combination for this? Mostly because with the `view-realm` role I can see the realm roles. However, I need to enable the `view-users` role to also see the groups, and that enables all the users as well. Otherwise I’ll open a feature request in Jira…

The idea is that I want to allow a client in the admin API to fetch this information (roles and groups only), so I’d give the Client’s Service Account the minimum roles, so it can fetch the data. This way, I’d fill up an autocomplete form so the users can easily set up a role mapping between Keycloak and my local website. We have lots of roles, and remembering them from memory is not an option!

Thanks a lot in advance!

— 
Best Regards, 

Erik Berdonces Bonelo
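
Added example (not part of the original message and not Keycloak code): a least-privilege check that a deployment script could run on the service account's access token, flagging any admin role beyond the intended allowlist and in particular `view-users`, which the post notes exposes the full user list. It assumes a non-master realm, where admin roles appear under the `realm-management` client in the token's `resource_access` claim; the allowlist, the account name and the sample tokens are constructed for illustration.

```python
import base64
import json

# Assumption: the autocomplete form only needs role data, so this is the allowlist.
ALLOWED_ADMIN_ROLES = {"view-realm"}
# Role the post identifies as also exposing every user in the realm.
USER_LISTING_ROLES = {"view-users"}
# Assumption: non-master realm, where admin roles live on this client.
ADMIN_CLIENT = "realm-management"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Only suitable for auditing a token you just obtained from your own server.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_admin_roles(claims: dict) -> dict:
    """Compare the admin roles carried by the token with the allowlist."""
    access = claims.get("resource_access", {}).get(ADMIN_CLIENT, {})
    granted = set(access.get("roles", []))
    return {
        "granted": sorted(granted),
        "excess": sorted(granted - ALLOWED_ADMIN_ROLES),
        "missing": sorted(ALLOWED_ADMIN_ROLES - granted),
        "exposes_users": bool(granted & USER_LISTING_ROLES),
    }


def constructed_token(roles: list) -> str:
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    claims = {
        "preferred_username": "service-account-role-mapper",  # hypothetical client
        "resource_access": {ADMIN_CLIENT: {"roles": roles}},
    }
    return ".".join([seg({"alg": "none"}), seg(claims), ""])


if __name__ == "__main__":
    for roles in (["view-realm"], ["view-realm", "view-users"]):
        print(audit_admin_roles(jwt_claims(constructed_token(roles))))
```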

