podkrepi-bg / api

Nest.js REST backend for charity platform Podkrepi.bg https://podkrepi.bg/swagger

Home Page:https://podkrepi.bg

Review and refactor Admin Roles

igoychev opened this issue · comments

Motivation

Currently we have only one Admin role, which is too broad. The Admin role needs to be broken into more specific admin roles as per the requirements below. To solve this, we'd appreciate help from a developer experienced with Keycloak to review and introduce the roles.

List of roles needed:

  • role: Coordinator Admin
    • to be able to edit any campaign
    • to edit nomenclature tables like Cities, Countries, etc.
    • approve reports on any campaign
  • role: Donations Admin
    • to view donation details on Admin UI and track specific ones in case of questions and even refunds when needed
    • to be able to import bank donations and assign them to registered users
    • to be able to export reports
  • role: Finance Admin
    • to be able to manage collected funds on all campaigns via Admin UI / Transfers, Withdrawals, BankAccounts, etc.
  • role: User Admin
    • to be able to manage registered users
  • role: Organization Admin
    • to be able to assign the above roles, without being able to do more unless he assigns specific roles to himself too

Desired solution & References

  • The role matching logic should be extendable, since more roles could appear in the future. The current initial implementation is in this file.
  • The new roles should be created with a Keycloak init script, so that they can be deployed on prod and also locally - see the current Keycloak config file
  • Additional analysis and proposals are more than welcome
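
One way to keep the role matching extendable and deny-by-default, as an added example that is not part of the issue or the project's code. The role names, permission names and the `example-api` client id are assumptions; only the `realm_access` / `resource_access` claim layout comes from Keycloak access tokens.

```typescript
// Added example. Role and permission names are hypothetical, not the project's own.
type AdminPermission =
  | 'campaign:edit' | 'nomenclature:edit' | 'report:approve'
  | 'donation:view' | 'donation:refund' | 'donation:import' | 'report:export'
  | 'funds:manage' | 'user:manage' | 'role:assign'

// The one table to extend when a new role appears.
const ROLE_PERMISSIONS: Record<string, AdminPermission[]> = {
  'coordinator-admin': ['campaign:edit', 'nomenclature:edit', 'report:approve'],
  'donations-admin': ['donation:view', 'donation:refund', 'donation:import', 'report:export'],
  'finance-admin': ['funds:manage'],
  'user-admin': ['user:manage'],
  'organization-admin': ['role:assign'], // assigns roles, nothing else
}

// Role claims as they appear in a Keycloak access token.
interface TokenClaims {
  realm_access?: { roles?: string[] }
  resource_access?: Record<string, { roles?: string[] }>
}

function rolesFromToken(token: TokenClaims, clientId: string): string[] {
  const realm = token.realm_access?.roles ?? []
  const client = token.resource_access?.[clientId]?.roles ?? []
  return realm.concat(client)
}

function permissionsFor(roles: string[]): AdminPermission[] {
  const granted: AdminPermission[] = []
  for (const role of roles) {
    // Own-property check: unknown names (even "constructor") grant nothing.
    if (!Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role)) continue
    for (const p of ROLE_PERMISSIONS[role]) {
      if (granted.indexOf(p) === -1) granted.push(p)
    }
  }
  return granted
}

function can(token: TokenClaims, clientId: string, needed: AdminPermission): boolean {
  return permissionsFor(rolesFromToken(token, clientId)).indexOf(needed) !== -1
}

// Constructed sample claims; "example-api" is a placeholder client id.
const ORG_ADMIN: TokenClaims = { realm_access: { roles: ['organization-admin'] } }
const FINANCE: TokenClaims = {
  resource_access: { 'example-api': { roles: ['finance-admin', 'constructor'] } },
}
```

Checking permissions rather than role names at each endpoint means a future role only needs a new row in the table, and the Organization Admin row shows the requested separation: it can assign roles but passes no other check until another role is added to the token.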