[keycloak-user] Global "reporting" role like admin but with read-only access to everything?
pkboucher801 at gmail.com
pkboucher801 at gmail.com
Mon Jul 16 14:50:50 EDT 2018
Apologies if this is a duplicate.
From: pkboucher801 at gmail.com [mailto:pkboucher801 at gmail.com]
Sent: Monday, July 16, 2018 2:42 PM
To: keycloak-user at lists.jboss.org
Subject: Global "reporting" role like admin but with read-only access to
everything?
According to
https://www.keycloak.org/docs/latest/server_admin/index.html#global-roles
there are two global roles, admin and create-realm, but we would like to add
a third one, call it reporting, that has read-only access to all settings in
every realm (so all of the view- and query- permissions).
We can create the role as a composite with permissions over every realm, but
if a new realm is added later, the reporting role has no access unless we
explicitly grant it.
Is it possible for us to add a global role by creating a new realm role in
the master realm, and giving it a particular configuration and/or set of
permissions?
Thanks!
Regards,
Peter K. Boucher
More information about the keycloak-user
mailing list