[keycloak-user] Keycloak Roles

Stian Thorgersen stian at redhat.com
Mon Feb 2 03:20:28 EST 2015


All access control in Keycloak is per-realm and there's currently no way you could do per-app access control in Keycloak other than rolling your own endpoints.

----- Original Message -----
> From: "Raghu Prabhala" <prabhalar at yahoo.com>
> To: "Keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Sunday, 1 February, 2015 1:09:09 PM
> Subject: [keycloak-user] Keycloak Roles
> 
> It appears that the current "manage" roles in Keycloak seem to be cover all
> clients/apps meaning app1 or client1 created by user1 can be deleted or
> user2. Is that correct? If so, is there any realm specific role that would
> allow users to manage only the client or applications created by them?
> Taking this further, can a group of users create and manage only their
> applications but not the ones created by another group of users? If not, how
> can I setup or create new roles to meet that functionality which would be
> provided to all uses
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list