Users in the {{book.project.name}} `master` realm can be granted permission to manage zero or more realms that are deployed on the {{book.project.name}} server.
When a realm is created, {{book.project.name}} automatically creates various roles that grant fine-grain permissions to access that new realm.
Access to The Admin Console and Admin REST endpoints can be controlled by mapping these roles to users in the `master` realm.
It's possible to create multiple super users, as well as users that can only manage specific realms.
==== Global Roles
There are two realm-level roles in the `master` realm.
These are:
* admin
* create-realm
Users with the `admin` role are super users and have full access to manage any realm on the server. Users with the `create-realm` role
IMPORTANT: Admins with the `manage-users` role will only be able to assign admin roles to users that they themselves have. So, if an admin has the `manage-users` role but doesn't have the `manage-realm` role, they will not be able to assign this role.