keycloak-scim/server_admin/topics/roles-groups.adoc


== Assigning permissions and access using roles and groups

Roles and groups have a similar purpose, which is to give users access and permissions to use applications. A group is a collection of users to which you apply roles and attributes. Roles define specific application permissions and access control. Groups are an optional capability.

A role typically applies to one type of user. Typical roles in an organization include `Admin`, `user`, `manager`, and `employee`. An application can assign access and permissions to a role and then assign multiple users to that role so the users share the same access and permissions. For example, the Admin Console has roles that give users permission to access parts of the Admin Console.

There is a global namespace for roles, and each client also has its own dedicated namespace where roles can be defined.
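
The two role namespaces matter when an application authorizes a request: a role named `admin` in one client's namespace is not the realm-level `admin`. The following is an added example, not part of the original documentation. It assumes the default access-token layout (`realm_access.roles` and `resource_access.<client>.roles`), a token whose signature was already verified, and hypothetical client names `helpdesk-app` and `payroll-app`.

```python
# Constructed sample: decoded claims of an access token. Signature and
# expiry validation are assumed to have happened before this point.
SAMPLE_CLAIMS = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["employee"]},        # global (realm) namespace
    "resource_access": {                            # one namespace per client
        "helpdesk-app": {"roles": ["admin"]},       # hypothetical client
        "payroll-app": {"roles": ["viewer"]},       # hypothetical client
    },
}


def realm_roles(claims):
    """Roles from the global (realm) namespace."""
    return set(claims.get("realm_access", {}).get("roles", []))


def client_roles(claims, client_id):
    """Roles from the dedicated namespace of one client."""
    access = claims.get("resource_access", {})
    return set(access.get(client_id, {}).get("roles", []))


def has_role_any_namespace(claims, role):
    """Weak check: matches the role name in ANY namespace.

    A role granted for one client is then honored by every other
    application that happens to use the same role name.
    """
    if role in realm_roles(claims):
        return True
    access = claims.get("resource_access", {})
    return any(role in entry.get("roles", []) for entry in access.values())


def has_role(claims, role, client_id=None):
    """Namespace-aware check: client_id=None means the realm namespace."""
    if client_id is None:
        return role in realm_roles(claims)
    return role in client_roles(claims, client_id)


if __name__ == "__main__":
    # alice is admin only inside helpdesk-app
    print(has_role_any_namespace(SAMPLE_CLAIMS, "admin"))
    print(has_role(SAMPLE_CLAIMS, "admin", "payroll-app"))
    print(has_role(SAMPLE_CLAIMS, "admin", "helpdesk-app"))
```

An application should call the namespace-aware check with its own client ID, so that roles issued for a different client are ignored.
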
include::roles-groups/proc-creating-realm-roles.adoc[]
include::roles-groups/con-client-roles.adoc[]
include::roles-groups/proc-converting-composite-roles.adoc[]
include::roles-groups/proc-assigning-role-mappings.adoc[]
include::roles-groups/con-default-roles.adoc[]
include::roles-groups/con-role-scope-mappings.adoc[]
include::roles-groups/proc-managing-groups.adoc[]
include::roles-groups/con-comparing-groups-roles.adoc[]
include::roles-groups/proc-specifying-default-groups.adoc[]