From ced599075dc838a8b9cb501b03b2a24a2147b28f Mon Sep 17 00:00:00 2001 From: Stan Silvert Date: Fri, 3 Jun 2016 14:07:00 -0400 Subject: [PATCH] Minor changes for roles chapter. --- topics/roles/client-scope.adoc | 4 ++-- topics/roles/realm-client-roles.adoc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/topics/roles/client-scope.adoc b/topics/roles/client-scope.adoc index 46c589d8d5..ba80c5f1dc 100644 --- a/topics/roles/client-scope.adoc +++ b/topics/roles/client-scope.adoc @@ -10,7 +10,7 @@ client registered with the realm, attackers can get access tokens that have a br network is compromised. This is where _client scope_ becomes important. _Client scope_ is a way to limit the roles that get declared inside an access token. When a client requests that a user -be authenticated the access token they receive back will only contain the role mappings you've explicitly specified +be authenticated, the access token they receive back will only contain the role mappings you've explicitly specified for the client's scope. This allows you to limit the permissions each individual access token has rather than giving the client access to all of the user's permissions. By default, each client gets all the role mappings of the user. You can view this in the `Scope` tab of each client. @@ -18,7 +18,7 @@ You can view this in the `Scope` tab of each client. .Full Scope image:../../{{book.images}}/full-client-scope.png[] -As you can see from the picture, you can see that the effect roles of the scope are every declared role in the realm. +You can see from the picture that the effective roles of the scope are every declared role in the realm. To change this default behavior, you must explicitly turn off the `Full Scope Allowed` switch and declare the specific roles you want in each individual client. Alternatively, you can also use <> to define the scope for a whole set of clients. diff --git a/topics/roles/realm-client-roles.adoc b/topics/roles/realm-client-roles.adoc index 7e5cb6eb48..1a1e888e37 100644 --- a/topics/roles/realm-client-roles.adoc +++ b/topics/roles/realm-client-roles.adoc @@ -19,6 +19,6 @@ consent page for the user. === Client Roles -Client roles are basically a namespace dedicated to clients. Each client gets its own namespace. Client roles are managed +Client roles are basically a namespace dedicated to a client. Each client gets its own namespace. Client roles are managed under the `Roles` tab under each individual client. You interact with this UI the same way you do for realm level roles.