See below for the low-level client roles.
Unlike user roles, low-level roles cannot be added or modified.
Permissions for managing your account
The following client roles grant permissions on the user's personal account.
Role | Permissions |
|---|---|
delete-account | Delete the personal account |
manage-account-links | Link or unlink identity providers (IdPs) to the personal account |
manage-account | Manage the personal account |
manage-consent | Review, grant, or revoke consent for an application to access personal data |
read-token | Read the personal access token |
view-applications | View the applications linked to the personal account |
view-consent | View the consents granted for an application to access personal data |
view-profile | View personal profile information |
Permissions for managing other accounts
The following client roles grant permissions on other user accounts.
Role | Permissions |
|---|---|
create-client | Create clients |
impersonation | Log in as that user without knowing their password (typically for troubleshooting or support purposes) |
manage-authorization | Manage user authorization settings |
manage-clients | Manage client application settings such as protocols, credentials, or roles. |
manage-events | Manage event settings such as listeners, types, or retention policies |
manage-identity-providers | Add, configure, and remove identity providers (IdPs) |