Minor changes to admin console permissions chapter.
This commit is contained in:
parent
87f784f6d1
commit
a6f9e3f1cd
3 changed files with 7 additions and 7 deletions
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
== Admin Console Access Control and Permissions
|
== Admin Console Access Control and Permissions
|
||||||
|
|
||||||
Each realm created on the {{book.project.name}} has a dedicated Admin Console from which that realm can be managed from.
|
Each realm created on the {{book.project.name}} has a dedicated Admin Console from which that realm can be managed.
|
||||||
The `master` realm is a special realm that allows admins to manage more than one realm on the system. You can also
|
The `master` realm is a special realm that allows admins to manage more than one realm on the system. You can also
|
||||||
define fine-grain access to users in different realms to manage the server. This chapter goes over all the scenarios for this.
|
define fine-grained access to users in different realms to manage the server. This chapter goes over all the scenarios for this.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
|
|
||||||
=== Master Realm Access Control
|
=== Master Realm Access Control
|
||||||
|
|
||||||
The `master` realm in {{book.project.name}} is a special realm and treated differently that other realms.
|
The `master` realm in {{book.project.name}} is a special realm and treated differently than other realms.
|
||||||
Users in the {{book.project.name}} `master` realm can be granted permission to manage zero or more realms that are deployed on the {{book.project.name}} server.
|
Users in the {{book.project.name}} `master` realm can be granted permission to manage zero or more realms that are deployed on the {{book.project.name}} server.
|
||||||
When a realm is created, {{book.project.name}} automatically creates various roles that grant fine-grain permissions to access that new realm.
|
When a realm is created, {{book.project.name}} automatically creates various roles that grant fine-grain permissions to access that new realm.
|
||||||
Access to The Admin Console and Admin REST endpoints can be controlled by mapping these roles to users in the `master` realm.
|
Access to The Admin Console and Admin REST endpoints can be controlled by mapping these roles to users in the `master` realm.
|
||||||
|
@ -16,7 +16,7 @@ These are:
|
||||||
* create-realm
|
* create-realm
|
||||||
|
|
||||||
Users with the `admin` role are super users and have full access to manage any realm on the server. Users with the `create-realm` role
|
Users with the `admin` role are super users and have full access to manage any realm on the server. Users with the `create-realm` role
|
||||||
are allowed to create new realms. Any new realm they create they will be granted full access to.
|
are allowed to create new realms. They will be granted full access to any new realm they create.
|
||||||
|
|
||||||
==== Realm Specific Roles
|
==== Realm Specific Roles
|
||||||
|
|
||||||
|
@ -42,6 +42,6 @@ The roles available are:
|
||||||
* manage-identity-providers
|
* manage-identity-providers
|
||||||
* impersonation
|
* impersonation
|
||||||
|
|
||||||
Assign the roles you want to your users and they will only be able to use that specific part of the administration console
|
Assign the roles you want to your users and they will only be able to use that specific part of the administration console.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ Each realm has a dedicated Admin Console that can be accessed by going to the ur
|
||||||
Users within that realm can be granted realm management permissions by assigning specific user role mappings.
|
Users within that realm can be granted realm management permissions by assigning specific user role mappings.
|
||||||
|
|
||||||
Each realm has a built-in client called `realm-management`. You can view this client by going to the
|
Each realm has a built-in client called `realm-management`. You can view this client by going to the
|
||||||
`Clients` left menu item of your realm. This client define client-level roles that specify permissions that can be granted to manage the realm.
|
`Clients` left menu item of your realm. This client defines client-level roles that specify permissions that can be granted to manage the realm.
|
||||||
|
|
||||||
* view-realm
|
* view-realm
|
||||||
* view-users
|
* view-users
|
||||||
|
@ -23,5 +23,5 @@ Each realm has a built-in client called `realm-management`. You can view this c
|
||||||
* manage-identity-providers
|
* manage-identity-providers
|
||||||
* impersonation
|
* impersonation
|
||||||
|
|
||||||
Assign the roles you want to your users and they will only be able to use that specific part of the administration console
|
Assign the roles you want to your users and they will only be able to use that specific part of the administration console.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue