Currently, I’m giving a select few users the ability to manage user roles using the manage-user realm-management role.
However this gives way too much power to the user.
A user manager is able to grant any role (including realm-admin) to themselves and others.
I’d like to restrict these users to only get enough access to assign specific realm and client roles and to manage specific groups.
Is there a way to do this?