22 lines
1.1 KiB
Text
22 lines
1.1 KiB
Text
|
|
=== Realm Roles
|
|
|
|
Realm level roles are a global namespace to define your roles. You can see the list of built-in and created roles
|
|
by clicking on the `Roles` left menu item.
|
|
|
|
image:../../{{book.images}}/roles.png[]
|
|
|
|
To create a role just click on the `Add Role` button on this page, enter in the name and description of the role
|
|
and hit the `Save` button.
|
|
|
|
.Add Role
|
|
image:../../{{book.images}}/role.png[]
|
|
|
|
The value for the `description` field is localizable by specifying a substitution variable with `$\{var-name}` strings.
|
|
The localized value is then configured within property files in your theme. See the link:{{book.project.doc_base_url}}{{book.project.doc_info_version_url}}{{book.developerguide.link}}[{{book.developerguide.name}}]
|
|
for more information on localization. If a client requires user _consent_, this description string will be displayed on the
|
|
consent page for the user.
|
|
|
|
If the client has to explicitly request for a realm role, set `Scope Param Required` to true. The role then has to be specified via the `scope` parameter when requesting a token. Multiple realm roles are separated by space:
|
|
|
|
`scope=admin user`
|