Users and groups are managed using permissions and roles in Keycloak. All users of the user interface must be members of the corresponding permission roles in Keycloak.
The roles are created automatically when the app is imported. Once the roles have been created, you must assign these roles to the users in the Keycloak administration.
In Keycloak, add the roles under Role Mappings > Client Roles > app-server per user or group.
For more information on managing users and groups in Keycloak, see the Keycloak Administration Guide: Server Administration Guide.
The following roles are available:
-
link_shc: Members in this role have full access to the entire application.
-
link_shc_activities: Members in this role have access to the page with the activity overview.
-
link_shc_export: Members in this role have access to the manual export page.
-
link_shc_fields: Members in this role have access to the page with the field configuration.
Users in the admin role also have full access to the application.