[FGAP] Make additional rest endpoints respect permissions #40058

@vramik

Description

There are REST endpoints which do not take admin permissions into account when returning a response.

With the following permission denying viewing of userC:
(screenshot)

When listing client sessions:

GET | http://localhost:8080/admin/realms/test/ui-ext/sessions/client?first=0&max=11&type=ALL&clientId=7bb6b97b-67b6-4cc6-9d99-974c73ec9157&search=

(screenshot)

Or when listing users with a certain role:

GET | http://localhost:8080/admin/realms/test/clients/7bb6b97b-67b6-4cc6-9d99-974c73ec9157/roles/test-role/users?briefRepresentation=true&first=0&max=11

(screenshot)

The lists include users who should not be visible.
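A small model of the defect described in the issue, added here as an illustration (it is not Keycloak's code and uses a constructed realm, a stand-in permission evaluator and hypothetical function names): a role-members listing that paginates without consulting permissions, beside listings for the same two endpoints that filter through the evaluator before `first`/`max` are applied.

```python
"""Hypothetical model of admin REST list endpoints that ignore fine-grained
admin permissions (FGAP).  Added illustration, not Keycloak's code; all
users, roles, sessions and the evaluator below are constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: str
    username: str
    roles: set = field(default_factory=set)


@dataclass
class ClientSession:
    client_id: str
    user_id: str


# Constructed realm: userC holds test-role, but the caller is denied "view" on userC.
USERS = {
    "u-a": User("u-a", "userA", {"test-role"}),
    "u-b": User("u-b", "userB", set()),
    "u-c": User("u-c", "userC", {"test-role"}),
}
SESSIONS = [ClientSession("client-1", "u-a"), ClientSession("client-1", "u-c")]

# Stand-in for the permission evaluator: user ids the current admin may not view.
DENIED_VIEW = {"u-c"}


def can_view_user(user_id):
    return user_id not in DENIED_VIEW


def role_users_unchecked(role, first, max_results):
    """Buggy shape: pages over every role member and never consults permissions."""
    members = [u for u in USERS.values() if role in u.roles]
    return [u.username for u in members[first:first + max_results]]


def role_users_checked(role, first, max_results):
    """Fixed shape: drop non-viewable users *before* applying first/max, so
    page boundaries are computed over the visible set only."""
    members = [u for u in USERS.values() if role in u.roles and can_view_user(u.id)]
    return [u.username for u in members[first:first + max_results]]


def client_sessions_checked(client_id, first, max_results):
    """Same rule for the client-sessions listing: the session's owner must be viewable."""
    visible = [s for s in SESSIONS if s.client_id == client_id and can_view_user(s.user_id)]
    return [USERS[s.user_id].username for s in visible[first:first + max_results]]
```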
