  1. Keycloak
  2. KEYCLOAK-3444

Fine-grained permissions in admin console and endpoints

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.2.0.CR1
    • Component/s: None
    • Labels:
      None
    • QE Status:
      ASSIGNED

      Description

      Current permissions are either view or manage on realm, client, user, etc. Often this is not sufficient and there's a need to limit permissions.

      Features implemented:

      • Can manage one client
      • Can configure one client (same as manage minus scope and mappers)
      • View or Manage users of a specific group
      • Manage membership of a specific group
      • Can allow just the mapping of roles for a user
      • Can limit which roles can be assigned to user, composite, or client scope.
      • Can define policies that specify which users can/cannot be impersonated
      • Other authz specific policies for view, manage of users and groups.

      Fine-grained policies are described using Authorization Service policies and permissions.

                People

                • Assignee:
                  bill.burke Bill Burke
                  Reporter:
                  stianst Stian Thorgersen
                  Tester:
                  Mark True
                • Votes:
                  20
                  Watchers:
                  26
