密钥斗篷IDM中的排除功能
[英]Exclusion feature in keycloak IDM
问题描述
I am trying to develop an web application using angular 4, java ee and wildfly. 
我正在尝试使用angular 4,java ee和wildfly开发一个Web应用程序。 I am planning on using keycloak as IDM. 我正计划将密钥斗篷用作IDM。 I researched and found that we can provide roles to user but what I couldn't find is if it provides the feature to exclude some privilege from admin role. 我研究发现,我们可以为user提供角色,但是我找不到它是否提供了从admin角色中排除某些特权的功能。
For example: I want to provide user with admin role all the privileges except one, so I want to exclude the privilege from that admin . 例如:我想为用户提供admin角色,除了一个特权外,我想从该admin排除该特权。
Is it possible using keycloak? 是否可以使用密钥斗篷? If not, can anyone suggest any other IDM matching this requirement? 如果没有,那么有人可以建议其他符合此要求的IDM吗?
1 个解决方案
解决方案1
1 2017-11-07 05:56:11
No, you cannot change the privileges of admin role. 不可以,您不能更改管理员角色的权限。 Yes, you can use Keycloak. 是的,您可以使用Keycloak。
From http://www.keycloak.org/docs/latest/server_admin/topics/admin-console-permissions/fine-grain.html 来自http://www.keycloak.org/docs/latest/server_admin/topics/admin-console-permissions/fine-grain.html
Fine grain permissions are used to grant additional permissions.
I think you still can achieve want you want with Keycloak's flexible administrative role and permission management. 我认为您可以通过Keycloak灵活的管理角色和权限管理来实现自己想要的。 Just not exactly in the way you think it should be done. 只是不完全按照您认为的方式进行。
Don't give your administration user the role admin , but some of the more restrictive roles of client realm-management (eg view-realm , manage-users ). 不要给您的管理用户角色admin ,而是给客户端领域管理一些更严格的角色(例如, view-realm , manage-users )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.