We need the admin console to have fine grained control to meet following use cases.
- Devs that are allowed to create/edit apps, but not manage users
- Devs that can create clients, but not applications
- Managers that are allowed to view user details, but not reset passwords, etc.
- Admins that can do everything for a single realm, or for all realms
For a start, we can look at implementing the last item (i.e. admins per realm) would be great.
Refer user mailing list discussion at http://lists.jboss.org/pipermail/keycloak-user/2014-February/000026.html