[keycloak-user] Authorization Services - Admin Console

gambol gambol99 at gmail.com
Thu Jun 28 10:40:04 EDT 2018


Hi Pedro

Much appreciated on the info :-) .. for now we will live without it, but
good to know things are on the roadmap

Rohith

On Thu, Jun 28, 2018 at 1:45 PM Pedro Igor Silva <psilva at redhat.com> wrote:

> You are not the first one to indicate this limitation. We need to plan a
> review fine-grained admin permissions and discuss what we want or not to
> support.
>
> There are some known limitations and I think the idea behind the
> implementation would be to check how people would use this functionality.
> Based on all feedback we are receiving from community, I think we can start
> looking at improving this functionality.
>
> There is https://issues.jboss.org/browse/KEYCLOAK-6127, which I think is
> related wth your problem. If so, feel free to push more details.
>
> Regards.
> Pedro Igor
>
> On Thu, Jun 28, 2018 at 7:25 AM, gambol <gambol99 at gmail.com> wrote:
>
>> Hiya
>>
>> I'm guessing this isn't possible yet but just in case, is it possible to
>> provide fine-grain controls over the creation of local accounts. At the
>> moment we have a project whom we to gave the ability to control membership
>> of one or more groups via "User Policy" in authorization services. We
>> would
>> like them to be able to "create" a user as well, but retain the above
>> limitation. At the moment this doesn't look like its possible as the only
>> way to get the "Add User" button is to add the "manage-users" role from
>> "realm-management" .. This unfortunately gives the access to do anything
>> they want with the users .. adding a group, delete etc etc
>>
>> Are there any plan's to extend the scopes available under the Users
>> resource type? ..
>>
>> Rohith
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>


More information about the keycloak-user mailing list