maritimeconnectivity / ServiceRegistry

MCP (Maritime Connectivity Platform) Service Registry API
Apache License 2.0

MSR role assignment from Management portal #36

Open JinkiJung opened 2 years ago

JinkiJung commented 2 years ago

Would it be possible to assign a role to a user from the front-end (Management portal for example) rather than setting that up from Keycloak manually?

Scenario: A user who is a member of ExampleOrg1 in a MIR wants to register their service to an MSR which requires the 'service admin' role to begin with. An MSR admin would be able to assign the role to him/her from a menu under the 'Service Registry' section of the Management portal.

oliverhaagh commented 1 year ago

Role management for the new MSR is handled in Keycloak instead of following the role hierarchy of the MIR, as the old MSR did. This makes role management for the MSR more dynamic and fine-grained, but on the other hand it also requires access to Keycloak's admin interface. A suggestion on how to handle user roles on a per-organization basis for organization admins is to implement it as part of the MIR API, as that already has an interface to Keycloak's API to be able to create users, OIDC clients, etc.