[keycloak-user] Implementing Multi-tenancy through Keycloak

[Pedro Igor Silva]

Hi,

Did you take a look at
https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions ?

There are some well-known limitations, but it is a great tool to restrict
what users can manage in a realm.

On Thu, Jul 25, 2019 at 8:20 AM Dhara Basida <dhara.basida at azilen.com>
wrote:

> Hi Team,
>
> We are currently planning to integrate our application with keycloak in
> order to achieve multi-tenancy. We have hierarchy like :
>
> 1)    Super Admin : Who have access to eveything and will create tenant.
> 2)    Tenant Admin :  This admin can create their Members and one tenant
> admin cannot see the data of another tenant admin or Tenant. Also he
> could not able to see any details of Super Admin.
> 3)    Members : Member are specific to Tenant. Member have rights to
> create their employees and roles which are applicable for their
> employees. But Member cannot see details of other Members or their
> Tenant Admin.
> 4)    Employees : Employees are users who can only have view permissions
> for role applicable to them and manage their profile. He could not able
> to see any details of Member or Tenant.
>
> QUestions :
>      I have created admin and tenant. I have link admin with Super Admin
> and Tenant Admin with Realm admin. For Member I linked it with Client
> but somehow I don't find the way to manage it. As I am not able to
> create Employees from member (Not able to get Add options for users and
> If I enable manage users or view users role from tenant admin than I can
> also see data of tenant which is wrong).
>
>      Kindly provide the way to achieve these hierarchy.
>
>
> Thank you,
> Dhara Basida
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user