Keycloak: create and update users and restrict delete user using admin REST APIs

Keycloak version 24+
In Keycloak, how can we restrict client service account roles to just view, create and update users using REST APIs? Delete user shouldn’t be allowed.
Keycloak by default has the manage-users role, which includes delete users as well. There is no separate role for create and update user. I tried to check scope-based roles, but there is also no scope available for create and update.

I think you can handle this with a custom User Storage Provider SPI. Then you can change the delete behavior.
