Admin Access Control
Access to the Admin Console and the admin REST endpoints is controlled by mapping roles to users in the keycloak-admin realm.
It is possible to create multiple super users, as well as users that have access only to certain operations in specific realms.
Global Roles
There are two realm roles in the keycloak-admin realm. These are:
admin - The super-user role. It grants permissions to all operations on all realms.
create-realm - Grants the user permission to create new realms. A user that creates a realm is granted all permissions to the newly created realm.
To add these roles to a user, select the keycloak-admin realm, then click on Users.
Find the user you want to grant permissions to, open the user and click on Role Mappings. Under
Realm Roles, assign any of the above roles to the user by selecting it and clicking on the right-arrow.
Realm Specific Roles
Each realm in Keycloak is represented by an application in the keycloak-admin realm. The name of the application
is <realm name>-realm. This allows access to be granted to users for individual realms only. The
roles available on each such application are:
view-realm - View the realm configuration
view-users - View users (including details for specific user) in the realm
view-applications - View applications in the realm
view-clients - View clients in the realm
manage-realm - Modify the realm configuration (and delete the realm)
manage-users - Create, modify and delete users in the realm
manage-applications - Create, modify and delete applications in the realm
manage-clients - Create, modify and delete clients in the realm
Each manage-* role includes the corresponding view permission (for example, a user with the manage-realm role can also view the realm configuration).
To add these roles to a user, select the keycloak-admin realm, then click on Users.
Find the user you want to grant permissions to, open the user and click on Role Mappings. Under
Application Roles, select the application that represents the realm you're adding permissions to
(<realm name>-realm), then assign any of the above roles to the user by selecting it and clicking on the right-arrow.
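The global roles and the realm-specific roles described above combine into a user's effective permissions in a few ways that are easy to get wrong when reviewing role mappings (admin covers everything, create-realm grants nothing on existing realms, manage-* implies view-*, and application roles apply only to the realm whose <realm name>-realm application they belong to). The following is an added example, not Keycloak's own code, that models those rules so a set of role mappings can be checked before it is assigned; the dict layout for a user's mappings and the sample users are constructed for this example.

```python
# Added example: a model of the admin permission rules described on this page.
# The mapping layout below is an assumption of this example, not a Keycloak structure:
#   {"realm_roles": {"admin", "create-realm"},             # keycloak-admin realm roles
#    "application_roles": {"demo-realm": {"view-users"}}}  # roles on <realm name>-realm apps

ADMIN_REALM = "keycloak-admin"
REALM_SCOPED = ("realm", "users", "applications", "clients")
VIEW_ROLES = {f"view-{r}" for r in REALM_SCOPED}
MANAGE_ROLES = {f"manage-{r}" for r in REALM_SCOPED}


def effective_permissions(mappings, realm):
    """Return the set of operations the user may perform on `realm`."""
    perms = set()
    realm_roles = set(mappings.get("realm_roles", ()))
    # admin is the super-user role: every operation on every realm.
    if "admin" in realm_roles:
        return VIEW_ROLES | MANAGE_ROLES | {"create-realm"}
    # create-realm only allows creating new realms; it grants nothing on existing
    # ones (the grant on a newly created realm shows up later as application roles).
    if "create-realm" in realm_roles:
        perms.add("create-realm")
    # Realm-specific roles live on the application named "<realm name>-realm";
    # roles on a different realm's application do not apply here.
    app_roles = mappings.get("application_roles", {}).get(f"{realm}-realm", ())
    for role in app_roles:
        if role not in VIEW_ROLES and role not in MANAGE_ROLES:
            raise ValueError(f"unknown realm-specific role: {role}")
        perms.add(role)
        # Each manage-* role includes the matching view-* permission.
        if role in MANAGE_ROLES:
            perms.add("view-" + role[len("manage-"):])
    return perms


def is_allowed(mappings, realm, operation):
    return operation in effective_permissions(mappings, realm)


def super_users(users):
    """Audit helper: names of users holding the admin role in keycloak-admin."""
    return sorted(n for n, m in users.items() if "admin" in m.get("realm_roles", ()))


# Constructed sample role mappings for three users.
SAMPLE_USERS = {
    "root": {"realm_roles": {"admin"}},
    "creator": {"realm_roles": {"create-realm"}},
    "demo-ops": {"application_roles": {"demo-realm": {"manage-users", "view-clients"}}},
}
```

Running super_users over an export of the keycloak-admin realm's mappings is a quick way to confirm that only the intended accounts hold the admin role.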