Fine-grained client management

Hello everyone,

I’m trying to give permission to a specific user to create resources and give permission to users/groups/roles to this resource but for a single client only. (Lately I’m changing it to be based on groups or roles.)

I already have “permissions enabled” and I added a new permission to manage and configure into the realm permissions to a user (policy based on user: user equals the specific user), but this has been ignored by Keycloak.

The only way of enabling this user to create resources was giving the “realm-management” > “manage-authorization” client role, but it gives permission at the realm level, not only for a single client.

Is there any way of doing this and/or debugging it?

I’m using Keycloak 16.1.0.

Thank you,