Realm Roles

IAMS require the following realm roles to be created:

• realm-tenant-admin – role that can create tenant
• tenant-admin – role that can administer role, group, resource, and resource permission in a tenant.
• system-admin – role that can manage user and tenant in the realm. This role is a composite role that contain the realm-tenant-admin role.

Create realm-tenant-admin Role

1. Login to the Web Admin Console and navigate to the realm.

2. Click on Realm roles on the side menu:

3. Click on Create role button

4. Enter the following for the role:

• Role name: realm-tenant-admin

5. Click on Save button to create

Create system-admin Role

1. Login to the Web Admin Console and navigate to the realm.

2. Click on Realm roles on the side menu.

3. Click on Create role button

4. Enter the following for the role:

• Role name: system-admin

4. Click on Save button to create the role.

5. Click on the Action dropdown menu on the right hand side of the screen and select Add associated roles submenu.

6. Check realm-management realm-admin from the list:

7. Click on Assign button to assign selected roles to system-admin role:

8. Click on Assign Role button

9. Select Filter by realm roles from the filter

10. Check realm-tenant-admin from the list

11. Click on Assign button to complete the configuration.

Create tenant-admin Role

1. Login to the Web Admin Console and navigate to the realm.

2. Click on Realm roles on the side menu.

3. Click on Create role button

4. Enter the following for the role:

Role name: tenant-admin

5. Click on Save button to create the role.

6. Click on the Action dropdown menu on the right hand side of the screen and select Add associated roles submenu.

7. Check realm-management realm-admin from the list.

8. Click on Assign button to assign selected roles to tenant-admin role.