[keycloak-user] Realm Admin Console not visible with "manage-users", "view-users" and "query-groups" roles

Pedro Igor Silva psilva at redhat.com
Tue Apr 2 08:37:20 EDT 2019


Hi Jody,

This should be fixed in 5.0.0. Could you try it out?

Regards.
Pedro Igor

On Tue, Apr 2, 2019 at 8:38 AM Jody H <j9dy1g at gmail.com> wrote:

> Hi everyone,
>
> I am having trouble granting users permission to access the realm admin
> console.
> I want some users to be able to add users to groups, but not see any of the
> client configuration etc.
>
> I added the roles "manage-users", "view-users" and "query-groups" to a test
> user. When logging in with the test user (which I verified is logging in
> with the correct user id in the Keycloak logs), I cannot access the realm
> admin console due to:
>
> "Forbidden
> You don't have access to the requested resource."
>
> When I add more privileges, such as "view-realm", then I can access the
> realm admin console with that test user. But this is too much permission
> for my users.
>
> This is a screenshot which shows the effective roles of the test user. The
> three role mappings described above are set in a group and the test user is
> a member of this group.
> [image: grafik.png]
>
> Any tip on how to have the user access the admin console and only allow the
> user to view clients and manage group membership?
>
> Keycloak Server Version     4.8.3.Final
>
> Thanks!

