Hiding System Users from Admin Console in Keycloak 26.3
Gordon Fidora
Hello everyone,
I’m using Keycloak 26.3, and all my users are Realm users within a specific realm.
All users who have the Realm Role "Group Admin" can access the Admin Console via
https://MyDomain.com/admin/MyRealm/console/#/MyRealm/users
and currently see all Realm users. The Realm Role "Group Admin" has these 2 Composite Roles: "realm management->manage-users" and "realm-management->view-users"
However, I have three system users that I would like to hide from the Admin Console view.
Is there a way to achieve this?
Thanks in advance for your help!
Niko Köbler
Gordon Fidora
Hi Niko,
thanks for your response and for pointing out the bug.
Unfortunately, I expressed myself a bit unclearly:
By "system user" I didn’t mean service accounts, but rather regular realm users with a specific realm role, i.e., "system-user", which I would like to hide in the admin console when users with the realm role "Group-Admin" log in.
Is this possible via the standard UI Admin Console?
I haven’t found a way yet to filter users based on role membership.
Thanks in advance,
Gordon
Vlasta Ramik
Hello Gordon,
you can try to take a look at FGAP v2 [1]. While there is no way
currently to setup permissions for users with specific role, you
can group them into some group and create permission for that
group.
[1]
https://www.keycloak.org/docs/latest/server_admin/index.html#_fine_grained_permissions
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/e63b4b00-f5ab-4176-a4e8-6241461d17c9n%40googlegroups.com.
Niko Köbler
Gordon Fidora
I found a solution using fine grained permissions V2. This Youtube-Video was very helpful:
https://www.youtube.com/watch?v=ZrWH9nuumbg&ab_channel=OliE.
Best regards
Gordon