Update users on Keycloak returns 403 without realm-management roles

The Keycloak REST API for updating users returns 403. I generated a token for user X using client credentials. Now, for user X, I would like to update some property. Intuitively, a user should be allowed to update themselves, but without the realm-management role of manage-users this returns 403. Now the issue with manage-users is that it is a very broad role and gives a lot of extra permissions to the user, like deleting other users. I just want a user X to be able to update themselves. How can I drive this through Keycloak?

Struggling with the same issue. I created the custom role self-manage-account, but I have failed to configure it so that the user would be able to update its own attributes. Still struggling with the 403 error. I am sure there is some well-defined way of doing this, and it would be great if someone with that knowledge would point to the right place for more information.