The problem Basic Keycloak permissions can be granted via the roles present in system clients. The realm-management client is used in most cases. However, there is a problem: existing permissions cannot be configured to meet your needs and provide too much access. You can make a user to manage all users in the realm or manage no one. There are two possible scenarios in this case. Only a limited number of developers have access to the realm, which makes them responsible for managing test users.