Keycloak

=== Master realm access control

The `master` realm in {project_name} is a special realm and is treated differently from other realms.
Users in the {project_name} `master` realm can be granted permission to manage zero or more realms that are deployed on the {project_name} server.
When a realm is created, {project_name} automatically creates various roles that grant fine-grained permissions to access that new realm.
Access to the Admin Console and Admin REST endpoints can be controlled by mapping these roles to users in the `master` realm.
It's possible to create multiple superusers, as well as users that can only manage specific realms.

==== Global roles

There are two realm-level roles in the `master` realm.
These are:

* admin
* create-realm

Users with the `admin` role are superusers and have full access to manage any realm on the server.
Users with the `create-realm` role are allowed to create new realms.
They will be granted full access to any new realm they create.

==== Realm specific roles

Admin users within the `master` realm can be granted management privileges to one or more other realms in the system.
Each realm in {project_name} is represented by a client in the `master` realm.
The name of the client is `<realm name>-realm`.
Each of these clients has client-level roles that define varying levels of access to manage an individual realm.

The roles available are:

* view-realm
* view-users
* view-clients
* view-events
* manage-realm
* manage-users
* create-client
* manage-clients
* manage-events
* view-identity-providers
* manage-identity-providers
* impersonation

Assign the roles you want to your users and they will only be able to use that specific part of the administration console.

IMPORTANT: Admins with the `manage-users` role can only assign to users those admin roles that they themselves hold. So, if an admin has the `manage-users` role but doesn't have the `manage-realm` role, they will not be able to assign this role.
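
Added example, not part of the {project_name} documentation or code base: a simplified offline Python model of the rules above, useful for reviewing who in the `master` realm can manage which realm and for reasoning about the `manage-users` delegation limit. The dictionary layout, the function names and the sample users are assumptions made for illustration, and superusers are modelled as able to assign any listed role.

```python
# Simplified model of master-realm admin roles (illustrative, not Keycloak code).
# Assumed layout: {"realm_roles": [...], "client_roles": {client_id: [...]}}
REALM_ROLES = {
    "view-realm", "view-users", "view-clients", "view-events",
    "manage-realm", "manage-users", "create-client", "manage-clients",
    "manage-events", "view-identity-providers", "manage-identity-providers",
    "impersonation",
}
SUFFIX = "-realm"

def realm_of(client_id):
    """Map a master-realm client '<realm name>-realm' to its realm, else None."""
    if client_id.endswith(SUFFIX) and len(client_id) > len(SUFFIX):
        return client_id[:-len(SUFFIX)]  # strip only the final suffix
    return None

def summarize(user):
    """Return (is_superuser, can_create_realms, {realm: roles}) for one user."""
    per_realm = {}
    for client_id, roles in user.get("client_roles", {}).items():
        realm = realm_of(client_id)
        granted = set(roles) & REALM_ROLES
        if realm is not None and granted:
            per_realm[realm] = granted
    global_roles = set(user.get("realm_roles", []))
    return "admin" in global_roles, "create-realm" in global_roles, per_realm

def can_assign(assigner, realm, role):
    """Delegation rule from the IMPORTANT note: a manage-users admin may only
    hand out admin roles that they themselves hold for that realm."""
    is_super, _, per_realm = summarize(assigner)
    if is_super:
        return role in REALM_ROLES  # model assumption: superusers assign anything
    held = per_realm.get(realm, set())
    return "manage-users" in held and role in held

# Constructed sample users (not real accounts)
ALICE = {"realm_roles": ["admin"], "client_roles": {}}
BOB = {"realm_roles": [], "client_roles": {
    "demo-realm": ["manage-users", "view-users"],
    "test-realm-realm": ["view-events"],   # realm literally named "test-realm"
    "account": ["view-profile"],           # not a '<realm name>-realm' client
}}

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB)):
        print(name, summarize(user))
    print("bob may grant manage-realm on demo:", can_assign(BOB, "demo", "manage-realm"))
```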