RE: Can You Create Read-Only Roles in FusionAuth?

1. Existing Role Limitations in FusionAuth

• FusionAuth provides predefined Admin UI roles, which are not modifiable.
• You can review the available roles here:
  FusionAuth Admin UI Roles
• The default FusionAuth application roles cannot be changed, which means read-only roles are not currently available.

2. Requesting Read-Only Roles as a Feature

• FusionAuth does not currently support read-only access roles for applications or tenants.
• The likely reason for this is that users who need to view application/tenant properties often also need to update them.
• However, you can submit a feature request to suggest adding read-only roles:
  Submit a Feature Request

3. Workaround: Implement a Custom Read-Only View

If immediate read-only access is required, consider:

• Using the FusionAuth APIs to create a custom dashboard where users can view but not edit data.
• Relevant APIs for this purpose:
  • Application API
  • Tenant API

Summary

• No built-in read-only roles exist for applications or tenants.
• FusionAuth Admin UI roles are not modifiable.
• You can request read-only roles as a feature via GitHub.
• A workaround is to build a custom, API-based read-only view.

We are evaluating the best permissions to assign different individuals in our QA and Production FusionAuth instances.

From the documentation, it seems that roles for tenants and applications are either create/update or delete, with no built-in read-only roles. Additionally, it appears that we cannot modify the roles for the default FusionAuth application.

Questions:

1. Is there a way to introduce read-only roles in FusionAuth?
2. If not, is there a plan to add this functionality in a future release?
3. We want to grant some users view-only access without allowing modifications—how can we achieve this?

@joseantonio said in How to setup reverse proxy for an SSO session bootstrap:

here

Thank you for sharing. What is the error that you are getting about the response_type?

@dev I am not sure you can set that level of debugging in FusionAuth. You can change logging in the AdminUI for various things like Lambdas, CORS filter, and that sort of thing.

@hamza-chouaibi Have you been through the FusionAuth and Proxies documentation? Are you sure Nginx has been configured properly?

@dev I was able to find this post about the ADDITIONAL_JAVA_ARGS and logging, but it doesn't seem to be a great answer. Can you tell me a little more specifically about what kind of information you are after? Maybe there is another way to it.

@prithwhat It is tough to troubleshoot without isolating the issues. You could use the APIs to remove the theme.

Not real sure where to go other than that right now. How many users and apps do you have configured? What kind of hardware is FusionAuth running on?

@dev Here is some information on monitoring FusionAuth. Is this the information you are looking for?