Account Console currently differs between only two states: either user can fully access it (i.e. has "manage-account" role), or doesn't have any access at all. The underlying REST API supports multiple permissions, like e.g. "view-profile" role for a read-only access to basic profile data.
Based on assigned client roles from "account" client:
- Support for read-only access. I.e. display input fields but disable editing their values and hide save buttons.
- Hide sections of the console the user doesn't have access to. E.g. hide applications when user doesn't have "manage-account", "view-applications" and "manage-applications" roles.
All scopes of "account" client will have to be added to "account-console" client. See closed