Can we set an admin user for a realm that is not master?

Hi all,

Our app is running Keycloak from a Docker container.
When we run Keycloak, we set up a user named “keycloak-admin” with password 12345 (not really :slight_smile: ) for the MASTER realm.

After that, we create a new realm named NLS from a realm.json file.
Then we add a user named “nls-admin”.

Now, if I understand correctly, in order to add more users in the NLS realm, only the user “keycloak-admin” can do it.

When we go to http:///auth/admin/master/console/ I can log in with “keycloak-admin”, select the NLS realm and then add as many users as I wish.

My question is: is there a way to allow the “nls-admin” user to also have admin permission for the NLS realm? Like “keycloak-admin”, but only for the NLS realm.

Because, in the current state, if I try to log in to http:///auth/admin/NLS/console/ with nls-admin, I get a page that says that I don’t have permissions.

Just to clarify why we need it: basically, we set up a realm for our customers today. We want to give them an admin user for Keycloak, but only for a specific realm.

Of course this is possible, but you have to set the proper roles for your “nls-admin” user.
You have to assign the “realm-admin” role from the “realm-management” client to your “nls-admin” user. The “realm-admin” role effectively assigns all the other roles to the user. See picture:


Thx a lot. This is exactly what I was looking for!

A quick (I hope) follow-up question: can we assign this role using scripts (kcadm.sh)?

Today we do the following to assign role and group for the nls-admin:

kcadm.sh add-roles --uusername nls-admin --rolename Administrators -r NLS
kcadm.sh update users/[nls-admin-id]/groups/$GROUP_ID -r NLS -s realm=NLS -s userId=[nls-admin-id] -s groupId=$GROUP_ID -n

Is there a detailed source for all kcadm.sh commands?

The kcadm tool is just a wrapper around the Keycloak Admin REST API, used to call the various resources/endpoints. So, basically everything you do via the admin UI (admin web console), you can also do via kcadm. Documentation for the Admin REST API is on the documentation page: Keycloak - Documentation (ok, it’s not the best docs, but anyhow…)

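As an added example (not code from the thread or from the Keycloak project), here is how the grant described in the accepted answer looks as a kcadm.sh script: log in once against the master realm, assign the realm-management client's realm-admin role to the user in the customer realm, and then read back the user's effective client roles to confirm the grant. The server URL, the master admin credentials and the KCADM variable are assumptions; the script refuses to grant realm-admin in master so that a customer admin can never end up with server-wide rights by accident.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes kcadm.sh is on PATH
# (or KCADM points at it); server URL and master credentials are placeholders.
KCADM="${KCADM:-kcadm.sh}"

# Authenticate kcadm against the master realm once; later calls reuse the session.
kc_login() {
  server="$1"; admin_user="$2"; admin_pass="$3"
  "$KCADM" config credentials --server "$server" --realm master \
    --user "$admin_user" --password "$admin_pass"
}

# Grant the realm-management client's realm-admin role to a user of one realm.
# realm-admin is realm-scoped: it confers full admin rights inside that realm
# only, which is exactly the per-customer delegation the thread asks for.
# Refuse to operate on master, where the same role would mean server-wide admin.
grant_realm_admin() {
  realm="$1"; user="$2"
  if [ "$realm" = "master" ]; then
    echo "refusing to grant realm-admin in master" >&2
    return 2
  fi
  "$KCADM" add-roles -r "$realm" --uusername "$user" \
    --cclientid realm-management --rolename realm-admin
}

# Verify the grant: list the user's effective realm-management client roles
# (direct plus composite) and succeed only if realm-admin is among them.
has_realm_admin() {
  realm="$1"; user="$2"
  "$KCADM" get-roles -r "$realm" --uusername "$user" \
    --cclientid realm-management --effective \
    | grep -q '"name" *: *"realm-admin"'
}

# Usage (placeholders, adapt to your deployment):
#   kc_login http://localhost:8080/auth keycloak-admin 'REPLACE_ME'
#   grant_realm_admin NLS nls-admin && has_realm_admin NLS nls-admin && echo granted
```

After the grant, nls-admin can sign in at the realm's own console URL (/auth/admin/NLS/console/) and manage users and clients there, but still has no access to the master realm or to other customers' realms. The verification step with --effective matters because realm-admin is a composite role: the individual manage-users, view-clients and similar roles show up only as effective, not as direct, assignments.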