From 396e2ba931fdd3f3ef08550411731a5197632c45 Mon Sep 17 00:00:00 2001
From: eatikrh <98592544+eatikrh@users.noreply.github.com>
Date: Fri, 7 Apr 2023 07:13:43 -0500
Subject: [PATCH] Allow users with 'view-users' permission to see the
 'credentials' tab (#19587)

Closes #17174
---
 js/apps/admin-ui/src/user/EditUser.tsx                          | 2 +-
 .../org/keycloak/services/resources/admin/UserResource.java     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/apps/admin-ui/src/user/EditUser.tsx b/js/apps/admin-ui/src/user/EditUser.tsx
index 96d87b3b07..95ec5de535 100644
--- a/js/apps/admin-ui/src/user/EditUser.tsx
+++ b/js/apps/admin-ui/src/user/EditUser.tsx
@@ -233,7 +233,7 @@ const EditUserForm = ({ user, bruteForced, refresh }: EditUserFormProps) => {
               </Tab>
               <Tab
                 data-testid="credentials"
-                isHidden={!user.access?.manage}
+                isHidden={!user.access?.view}
                 title={<TabTitleText>{t("common:credentials")}</TabTitleText>}
                 {...credentialsTab}
               >
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
index 00743231ae..6d1e31c04d 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@@ -651,7 +651,7 @@ public class UserResource {
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
     public Stream<CredentialRepresentation> credentials(){
-        auth.users().requireManage(user);
+        auth.users().requireView(user);
         return user.credentialManager().getStoredCredentialsStream()
                 .map(ModelToRepresentation::toRepresentation)
                 .peek(credentialRepresentation -> credentialRepresentation.setSecretData(null));