Closed youssefbennour closed 3 months ago
That is by design. The original design was to allow only users with the realm-management role manage-organizations to be able to create and delete organizations. An additional create-organization role was added to allow create without the other permissions, but no other role exists to delete organizations.
I'm integrating your API in my .NET application. Actually, when the user creates an organization, he's assigned all roles in the organization including 'manage-organization'. When I try to delete the organization by the user, I get an Unauthorized status code. This only works when the user is globally assigned the realm-management role 'manage-organizations', which gives him access to manage all realm Organizations => can delete all realm organizations, but I only want him to be able to perform this action in organizations he's part of. Is this the behavior by design? Or is it a bug?