[keycloak-user] Realm Admin Console not visible with "manage-users", "view-users" and "query-groups" roles

Jody H j9dy1g at gmail.com
Tue Apr 2 07:20:19 EDT 2019


Hi everyone,

I am having trouble giving users permission to access the realm admin
console.
I want some users to be able to add users to groups, but not see any of the
client configuration etc.

I added the roles "manage-users", "view-users" and "query-groups" to a test
user. When logging in with the test user (which I verified is logging in
with the correct user id in the Keycloak logs), I cannot access the realm
admin console due to:

"Forbidden
You don't have access to the requested resource."

When I add more privileges, such as "view-realm", then I can access the
realm admin console with that test user. But this is too much permission
for my users.

This is a screenshot which shows the effective roles of the test user. The
three role mappings described above are set in a group and the test user is
a member of this group.
[image: grafik.png]

Any tip on how to have the user access the admin console and only allow the
user to view clients and manage group membership?

Keycloak Server Version     4.8.3.Final

Thanks!