keycloak-scim/server_admin/topics/admin-console-permissions/per-realm.adoc
2017-02-14 10:00:06 +01:00

25 lines
879 B
Text

[[_per_realm_admin_permissions]]
=== Dedicated Realm Admin Consoles
Each realm has a dedicated Admin Console that can be accessed by going to the url `/auth/admin/\{realm-name}/console`.
Users within that realm can be granted realm management permissions by assigning specific user role mappings.
Each realm has a built-in client called `realm-management`. You can view this client by going to the
`Clients` left menu item of your realm. This client defines client-level roles that specify permissions that can be granted to manage the realm.
* view-realm
* view-users
* view-clients
* view-events
* manage-realm
* manage-users
* create-client
* manage-clients
* manage-events
* view-identity-providers
* manage-identity-providers
* impersonation
Assign the roles you want to your users and they will only be able to use that specific part of the administration console.