[keycloak-user] realm-management client role "view-realm" needed to view/edit a user?

[EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2)]

Hi Huw,

Thanks for your reply! I added the info to the JIRA ticket.

Best regards
Benjamin

Von: Huw McNamara <huwmcnamara at msn.com>
Gesendet: Mittwoch, 17. Juli 2019 17:32
An: EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2) <external.Benjamin.Weimer at bosch-si.com>; keycloak-user at lists.jboss.org
Betreff: Re: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user?

Hi Benjamin,

There's an open bug for view-realm being needed to access the credentials tab for clients https://issues.jboss.org/browse/KEYCLOAK-10782.
Maybe they are related and you could add the info to the JIRA ticket? Although fine grain permissions are tech preview.

Thanks,
Huw

________________________________
From: keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org> <keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org>> on behalf of EXTERNAL Weimer Benjamin (TNG, INST-CSS/BSV-OS2) <external.Benjamin.Weimer at bosch-si.com<mailto:external.Benjamin.Weimer at bosch-si.com>>
Sent: 17 July 2019 15:39
To: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
Subject: [keycloak-user] realm-management client role "view-realm" needed to view/edit a user?

Hi all,

we are using fine grain permissions in Keycloak to set the rights to edit certain users and have noticed that the roles "manage-users" and "query-realm" of the "realm-management" client are not sufficient to view and edit single users. The "view-realm" role seems to be needed for that. Can you explain me why this role is needed for this action?

Best regards and thanks in advance
Benjamin Weimer

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user