keycloak - Keycloak - how to implement delegated administration
问题描述
I need to implement user hierarchy using keycloak and I was wondering if someone has done it before or perhaps can give me some pointers on different ways.
In our scenario we have
- single application to protect with open-id connect
- 1 single super-admin ( realm admin)
- many team admins ( created by the super admin ) who can only administer users who belong to the same team as themselves
- ordenary users who belong to a given team and created by the team admin
Is there a way to achieve this using keycloak's authorization?
Shall I build a Custom REST endpoint in keycloak to implement this?
Shall I create groups / team perhaps ?
I am not sure what is the easiest route. I would like implement the easiest solution.
解决方案
推荐阅读
- wordpress - 如何编辑 woocommerce 功能 trought 主题的功能?
- php - 正确格式化 JSON 文件
- python - Python 的 itertools 的空间复杂度
- dialogflow-es - 多次调用后续意图
- python - openpyxl 条件格式 - 规则在 Excel 文件中,但不是格式
- python - A*算法在Python中找不到目标
- lua - 将 Lua 包 (LuaSocket) 与 HAProxy 一起使用
- beautifulsoup - Beautifulsoup 解析对象数组
- go - 意外执行链接到 libavformat 的最小 Cgo 应用程序
- css - 标题标签不继承 CSS 属性