
I scrolled through the documentation of Keycloak and also set it up on my machine to explore.

I also explored fine-grained permissions; however, I didn't get much detail in the documentation around n levels of nested hierarchies.

The documentation at https://www.keycloak.org/docs/latest/server_admin/ talks about limiting an admin user to managing a particular client; however, I want certain users, within the client, to be able to create accounts but with scopes and attributes limited to what's assigned to themselves.

For example: for a client (ERP>Transactions), we want to create an Org (our customer) Admin who in turn will create teams and team admins. Team admins shall be able to invite their teammates there.

Now I just want to know if Keycloak alone can be used to make sure a user in one Org can't create a user in some other Org and, in the same way, a team admin can't onboard/invite a user in some other team.

Because if Keycloak in principle can't handle this, our team will start writing custom logic in our application code base for this.

Ravinder Payal
  • Rule-based access control (using JavaScript): got this while reading more; will explore to know if this can be used to accept or reject user creation requests – Ravinder Payal Apr 28 '22 at 08:35
  • Seems a duplicate of this https://stackoverflow.com/questions/51616770/keycloak-restricting-user-management-to-certain-groups-while-enabling-manage-us – Ravinder Payal Apr 29 '22 at 10:15

0 Answers