12809fbb7a
* Fix Users TOC * KEYCLOAK-16234 initial commit * Modularization * messing * removes duplicate module calls * Post feedback changes Co-authored-by: Andy Munro <amunro@redhat.com>
18 lines
1.3 KiB
Text
18 lines
1.3 KiB
Text
|
|
== Assigning permissions and access using roles and groups
|
|
|
|
Roles and groups have a similar purpose, which is to give users access and permissions to use applications. Groups are a collection of users to which you apply roles and attributes. Roles define specific applications permissions and access control. Groups are an optional capability.
|
|
|
|
A role typically applies to one type of user. Typical roles in an organization include `Admin`, `user`, `manager`, and `employee`. An application can assign access and permissions to a role and then assign multiple users to that role so the users share the same access and permissions. For example, the Admin Console has roles that give permission to users to access parts of the Admin Console.
|
|
|
|
There is a global namespace for roles and each client also has its own dedicated namespace where roles can be defined.
|
|
|
|
include::roles-groups/proc-creating-realm-roles.adoc[]
|
|
include::roles-groups/con-client-roles.adoc[]
|
|
include::roles-groups/proc-converting-composite-roles.adoc[]
|
|
include::roles-groups/proc-assigning-role-mappings.adoc[]
|
|
include::roles-groups/con-default-roles.adoc[]
|
|
include::roles-groups/con-role-scope-mappings.adoc[]
|
|
include::roles-groups/proc-managing-groups.adoc[]
|
|
include::roles-groups/con-comparing-groups-roles.adoc[]
|
|
include::roles-groups/proc-specifying-default-groups.adoc[]
|