Greetings,
I have discovered that it is possible to grant users in the master
realm administrative client roles for other realms in the <realm-name>-realm
client roles.
Is it possible to give a user that is not in the master
realm those roles? Or is it only possible from the master
realm?
The use case that I am trying to achieve is that users in one realm (let’s call it administrators
) will each have full admin permissions on two realms (for example cs-dept-realm
and cs-dept-realm-test
). I am reluctant to add those users to the master
realm, as I have read a few posts here and on the mailing list that this is a bad/insecure practice. Am I worried over nothing? Is there another way to achieve the same result?
Thank you for your kind time and attention,
M