I’m quite new at Keycloak.
My customer wants to use admin delegation; i.e.: one user is admin of a realm and can manage the users in this realm.
I’m testing this but I’m a bit locked when trying to do so.
Let me explain:
- User A is admin on “master” realm
- He creates another realm (“realm01”).
- He creates a user B on this realm01 with client roles on realm01 “manage-authorization”, “manage-users” and “view realm”.
- User B connects to realm01 and is able to create new users BUT can assign any role to the new users (“Role Mappings” tab is forbidden).
Is there a way to provide User B the rights (role?) to assign roles to users on a realm he manages?
Or maybe using realms isn’t the appropriate way? Is this feasible with groups?
Thanks in advance for your help.