Hi All
Version 24.03
I have created a client namely : user-manager-client, that is being used via REST invocations to create Keycloak users.
This client is a service-account role type client
I have granted this client the “realm-management:manage-users” role to allow to just create/update/manage users.
I’ve also created an new attribute thru User Profile tab in the Realm configuration.
Is it possible to lock down access to the new attribute (or other attributes) such that only the user-manage-client client can edit this attribute when creating or updating a user ? The attribute should be otherwise read-only in the admin-ui (for admins) and the accounts console (for logged in user)
i.e. The attribute is only writeable via the user-manager-client.