Users and groups are managed using permissions and roles in Keycloak. All users of the user interface must be members of the corresponding permission roles in Keycloak.
The roles are created automatically when the app is imported. Once the roles have been created, you must assign these roles to the users in the Keycloak administration.
In Keycloak, add the roles under Role Mappings > Client Roles > app-server per user or group.
For more information on managing users and groups in Keycloak, see the Keycloak Administration Guide: Server Administration Guide.
The following roles exist:
-
link_datev: Members of the role have full access to the interface.
-
link_datev_activities: Members of the role have access to the activity overview.
-
link_datev_export: Members of the role have access to the interface for manual exporting.
-
link_datev_fields: Members of the role have access to the field configuration.
Users in the admin role also have full access to the application.