mirror of
https://github.com/keycloak/keycloak.git
synced 2026-01-25 16:42:34 +00:00
feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS - Require RESET_PASSWORD in UserResource.resetPassword() - Expose canResetPassword()/requireResetPassword() - Implement FGAP v2 deny-overrides + secure-by-default + optional fallback - Include access.resetPassword for Admin Console Closes #41901 Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Bagautdino <336373@edu.itmo.ru>
This commit is contained in:
@@ -68,6 +68,8 @@ set of scopes:
|
||||
| *manage-group-membership* | Defines if a realm administrator can assign or unassign users to/from groups. | None
|
||||
| *map-roles* | Defines if a realm administrator can assign or unassign roles to/from users. | None
|
||||
| *impersonate* | Defines if a realm administrator can impersonate other users. | `impersonate-members`
|
||||
| *reset-password* | Defines if a realm administrator can reset user passwords. By default, this scope falls | None
|
||||
back to `manage` scope behavior (configurable via `fgap.v2.resetPassword.fallbackToManageUsers`).
|
||||
|===
|
||||
|
||||
The user resource type has a strong relationship with some of the permissions you can set to groups. Most of the time,
|
||||
|
||||
Reference in New Issue
Block a user