What realm specific role is needed to assign role(s) to a user?

Hi there,
I’m quite new to Keycloak.
My customer wants to use admin delegation, i.e. one user is admin of a realm and can manage the users in this realm.
I’m testing this but I’m a bit locked when trying to do so.
Let me explain:

  1. User A is admin on the “master” realm.
  2. He creates another realm (“realm01”).
  3. He creates a user B on this realm01 with client roles on realm01 “manage-authorization”, “manage-users” and “view realm”.
  4. User B connects to realm01 and is able to create new users BUT can assign any role to the new users (“Role Mappings” tab is forbidden).
    Is there a way to provide User B the rights (role?) to assign roles to users on a realm he manages?

Or maybe using realms isn’t the appropriate way? Is this feasible with groups?
Thanks in advance for your help.
