keycloak-documentation icon indicating copy to clipboard operation
keycloak-documentation copied to clipboard

Published 20 hours ago verified publisher icon keycloak

Fine grain admin permission docs confusing

Open staedter opened this issue 2 years ago • 0 comments

Describe the bug

tl:dr;

Some images and explanations in the server-admin/fine-grain-admin-permission sections are wrong and misleading

example 1: image e.g. There is no a picture of the realm-managment client with the Autorization tab (and it is still not clear to me when and what has to be only configured in the realm-managment client and what has to be configured in the clients or the security-admin-console) but in the next paragraph there is an explicit referenz to an Authorization link in the above picture

example 2:

image image I really like to know what is configured in the user role

Background info:

I am trying to implement a fine grain admin permission solution in a one realm enterprise scenario. The hard business requirement is that, there should always be just one user account across the whole org but each business unit should have dedicated admins that control different parts of the shared user base (e.g. one admin role for each subsidiary company, that can only manage the employess, clients and groups that are unique to that part of the business). For that we whant to restrict what the different admin roles can do in the realm-admin-console.

Currently we have Keycloak 16.0.1 deployed in Kubernetes but I have already setup a new Deployment with the latest codecentric/keycloakx Chart with version 19.0.2 and try to configure the basic layout of the new structure in this instance.

I think I begin to develop a good grasp of the concepts like permissions, policies etc involved but I am having trouble implementing even the most basic of examples. Therefore I tried to dumb it down for me and just try to recreate the sales-application example from the docs but noticed, that while I have read that part a couple of times now cursory, that there a couple of wrong pictures or references that make no sense and that might be, why I have trouble implementing a working solution.

As a reference I am using the latest Version of the docs which is 19.0.2 (and even verified that the errors persist in the lates release 19.0.3)

Version

19.0.2

Expected behavior

I use the docs to recreate the basic fine-grain-admin-permission sales-appliction demo and I get all the relevant information and explanation to get it working and it gives me confidence in the feature. After reading the docs I am able to implement even more complex fine-grain-admin solutions which satisfy my project requirments

Actual behavior

I use the docs an get a good grip about the concepts involved but am not able to get basic outlines of fine-grain-admin portals for client, user and group management up and running and cannot even replicate the given examples from the docs

How to Reproduce?

Try to use the docs to build a fine-grain-admin console

Anything else?

No response

staedter avatar Oct 07 '22 07:10 staedter