[keycloak-user] Roles for User Management
Marek Posolda
mposolda at redhat.com
Wed Aug 5 04:59:36 EDT 2015
On 4.8.2015 18:00, Vito Vessia wrote:
> Hi all,
> I'm trying to use KC for a suite of multitenant webapps. Each
> tenant/customer has a separated realm and I use a custom Federation
> Provider to map users and roles to my company's legacy custom ACL
> database. Customers also want to manage/create users by their own, but
> I don't want they manage other realm stuff like Federation Provider
> parameters, client apps, etc, so I have to provide to some users of
> each realm the only roles of "manage-user"/"view-users" from the app
> realm-management, so they can only view the Manage User option in the
> realm Console.
> The problem is that through the console they may promote themselves
> assigning to existing users or to new users the role of "manage-realm"
> and after a simple refresh they can manage the entire realm.
> Is there a way to avoid this or am I wrong to do this?
Looks like not. Feel free to create JIRA for this.
> One more question connected to this one: is there a way to localize
> also the realm console? If my customers have to manage their own
> users, they would read labels and messages in their own languages.
> Thank you very much for your time and for your great and versatile
> product.
AFAIK Stan is looking at admin console localization. Maybe it will be in
1.5 release.
Marek
>
> Best regards
> --Vito
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150805/a64b28fb/attachment.html
More information about the keycloak-user
mailing list