From 5ced20e1ee85705ddb09beb1976c9b550c466c40 Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Tue, 13 Dec 2022 15:56:22 -0500
Subject: [PATCH] Allow any admin role on GET profile call (#15967)

---
 .../keycloak/services/resources/admin/UserProfileResource.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserProfileResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserProfileResource.java
index ebcf15c77a..61f350f015 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserProfileResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserProfileResource.java
@@ -49,7 +49,7 @@ public class UserProfileResource {
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     public String getConfiguration() {
-        auth.realm().requireViewRealm();
+        auth.requireAnyAdminRole();
         return session.getProvider(UserProfileProvider.class).getConfiguration();
     }