17 lines
1.4 KiB
Text
17 lines
1.4 KiB
Text
== Assigning permissions using roles and groups
|
|
|
|
Roles and groups have a similar purpose, which is to give users access and permissions to use applications. Groups are a collection of users to which you apply roles and attributes. Roles define specific applications permissions and access control.
|
|
|
|
A role typically applies to one type of user. For example, an organization may include `admin`, `user`, `manager`, and `employee` roles. An application can assign access and permissions to a role and then assign multiple users to that role so the users have the same access and permissions. For example, the Admin Console has roles that give permission to users to access different parts of the Admin Console.
|
|
|
|
There is a global namespace for roles and each client also has its own dedicated namespace where roles can be defined.
|
|
|
|
include::roles-groups/proc-creating-realm-roles.adoc[leveloffset=2]
|
|
include::roles-groups/con-client-roles.adoc[leveloffset=2]
|
|
include::roles-groups/proc-converting-composite-roles.adoc[leveloffset=2]
|
|
include::roles-groups/proc-assigning-role-mappings.adoc[leveloffset=2]
|
|
include::roles-groups/proc-using-default-roles.adoc[leveloffset=2]
|
|
include::roles-groups/con-role-scope-mappings.adoc[leveloffset=2]
|
|
include::roles-groups/proc-managing-groups.adoc[leveloffset=2]
|
|
include::roles-groups/con-comparing-groups-roles.adoc[leveloffset=3]
|
|
include::roles-groups/proc-specifying-default-groups.adoc[leveloffset=3]
|