- Type: Feature Request
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 3.2.0.CR1
- Component/s: None
- Labels: None
- QE Status: ASSIGNED

Current permissions are either view or manage on a realm, client, user, etc. Often this is not sufficient and there's a need to limit permissions.
Features implemented:
- Can manage one client
- Can configure one client (same as manage minus scope and mappers)
- View or Manage users of a specific group
- Manage membership of a specific group
- Can allow just the mapping of roles for a user
- Can limit which roles can be assigned to a user, composite, or client scope.
- Can define policies that specify which users can/cannot be impersonated
- Other authz-specific policies for viewing and managing users and groups.
Fine-grained policies are described using Authorization Service policies and permissions.

- is duplicated by: KEYCLOAK-1838 Configure client visibility (Closed)
- relates to: KEYCLOAK-528 Privilege escalation to takeover 'realm-admin' from realm user with only 'manage-users' role. (Closed)
- relates to: KEYCLOAK-5100 Document fine-grained permissions for admin console and endpoints (Closed)