I have discovered that it is possible to grant users in the
master realm administrative client roles for other realms in the
<realm-name>-realm client roles.
Is it possible to give a user that is not in the
master realm those roles? Or is it only possible from the
The use case that I am trying to achieve is that users in one realm (let’s call it
administrators) will each have full admin permissions on two realms (for example
cs-dept-realm-test). I am reluctant to add those users to the
master realm, as I have read a few posts here and on the mailing list that this is a bad/insecure practice. Am I worried over nothing? Is there another way to achieve the same result?
Thank you for your kind time and attention,