In keycloak 26.3.3, when trying to create new Permission through Permissions->Create Permission→Users, we dont see reset-password option in “Authorization scopes”.
Has anyone observed this. Please let us know
Thanks!
It can’t be there, as it was added in 26.4:
opened 08:04AM - 15 Aug 25 UTC
closed 06:10PM - 03 Sep 25 UTC
kind/enhancement
team/core-iam
release/26.4.0
### Description
**Why:** Password resets were implicitly granted by MANAGE\_USE… RS. With FGAP v2 we need policy-based, auditable control to allow/deny resets per user/group with deny-overrides and secure-by-default behavior.
**What:**
* Add `reset-password` scope to `USERS`
* Require `RESET_PASSWORD` in `UserResource.resetPassword()`
* `UserPermissionsV2` implements deny-overrides, secure-by-default; optional fallback to MANAGE\_USERS via `fgap.v2.resetPassword.fallbackToManageUsers` (default=false)
* `getAccess(user).resetPassword` for Admin Console
* Preserve self-service password change
* Logging/auditing enhancements
* Tests and docs
**Migration notes:** When FGAP v2 is enabled and no RESET\_PASSWORD policies exist, reset is denied by default unless fallback is enabled.
### Discussion
_No response_
### Motivation
_No response_
### Details
_No response_
system
October 13, 2025, 1:10pm
4
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
