Role management in Keycloak
Intended Audience: OpenSlice Administrators
Some initial configuration of Keycloak happens at Installation/Deployment time. The Keycloak admin user must create and manage OpenSlice users.
By default, Keycloak is accessible via the {domain_URL}/auth
path.
It is mandatory that an at least 1 "ADMIN" OpenSlice user exists at every instance.
The ADMIN role is needed to:
- Configure NFVO targets
- Enable NFV orchestration
- Manage Service Catalogs and Categories
- Design Service Specifications and manage their expose through Service Catalogs/Categories
- Acknowledge Service Orders for fulfillment
- Browse all Service Specifications, Orders, and Inventory
- Browse all Resource Specifications and Inventory
Alternative, the USER role can be assigned so as to:
- Access the marketplace
- Issue Service Orders
- Preview own Service Orders and Inventory
There are cases that OpenSlice/Keycloak administrators need to configure Keycloak, so as to:
- Change user roles, e.g. make a Simple user (USER) a Service Designer (ADMIN)
- Domain management, e.g. Access Token lifespan, allowed Origins
- User Password reset