[keycloak-user] Fine-grained enough for local group admins?

Pedro Igor Silva psilva at redhat.com
Mon May 27 08:49:58 EDT 2019


You should be able to do #3 and #4.

For #1 and #2, we would need to allow you to obtain the user being
created/changed as a resource. Today we always pass a "Users" resource
representing all users.

Please open a JIRA with more details about your scenario so that we can
consider the requirements in future versions and improvements to the
functionality.

On Mon, May 27, 2019 at 8:15 AM Per Erik Gransøe <
Per.Erik.Gransoe at systematic.com> wrote:

> Hi
>
> Can I solve the following with Keycloak, with fine-grained permissions
> enabled? (also posted here:
> https://stackoverflow.com/questions/51616770/keycloak-restricting-user-management-to-certain-groups-while-enabling-manage-us
> ):
>
> We have Group X and Group Y.
>
> The role 'Group X Admin' can do the following:
>
>   1.  Can create users without a group.
>   2.  Can assign users without a group to group X.
>   3.  Can edit and manage users in group X.
>   4.  Cannot see/edit/manage users in group Y.
>
> Med venlig hilsen / Kind regards
>
> Per Erik Gransøe
> Senior Systems Engineer
>
> Søren Frichs Vej 39, 8000 Aarhus C
> Denmark
>
> Mobile: +45 3038 6841
> Per.Erik.Gransoe at Systematic.com
> www.systematic.com

