Allow restricted user editing

Is it possible to create a more restricted user manager role that can assign some roles, but not others? I’ve seen no way to add an ACL or the like to roles: either a user can edit users in a realm or they cannot; there seems to be no finer-grained option.

I feel that I missed something fundamental.

If you want a user to edit other users in a realm, then I think you need to make that user an admin.
For this, click on the Users section in Management. Select your user. Then go to the Role Mappings tab. On that page you can see a drop-down called Client Roles. Type realm-management in the drop-down. Now you can see a few roles. Choose the roles you need to give the user, then select and add those roles.

We’ve got a user with the appropriate roles assigned so that they can edit users within a specific realm. What I’d like to be able to do is limit the roles that that new admin user is allowed to assign to other users. They appear to be able to assign every role in the realm, and I’d like to only allow them to assign from a subset of roles.

I don’t know what your solution is, but there is the option of client roles. So if your customers use separate clients, you can try that.