keycloak-scim/topics/admin-console-permissions/per-realm.adoc
2016-05-25 17:05:31 -04:00

27 lines
919 B
Text
Executable file

[[_per_realm_admin_permissions]]
=== Dedicated Realm Admin Consoles
Each realm has a dedicated Admin Console that can be accessed by going to the url `/auth/admin/\{realm-name}/console`.
Users within that realm can be granted realm management permissions by assigning specific user role mappings.
Each realm has a built-in client called `realm-management`. You can view this client by going to the
`Clients` left menu item of your realm. This client define client-level roles that specify permissions that can be granted to manage the realm.
* view-realm
* view-users
* view-applications
* view-clients
* view-events
* manage-realm
* manage-users
* manage-applications
* create-client
* manage-clients
* manage-events
* view-identity-providers
* manage-identity-providers
* impersonation
Assign the roles you want to your users and they will only be able to use that specific part of the administration console