Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/api
Describe the bug
My installation has multiple users who have access to the admin console for specific realms, not including the master realm. For example, a user has permissions to manage other users in a different realm. Previously when that user would log in, they would view the Keycloak homepage and be able to select the necessary page in a different realm. Now, those users are able to successfully log in still, but receive an error on the homepage. While they are able to navigate to other pages (including ones that should work), the error doesn't go away.
Version
25.0.1
Regression
- The issue is a regression
Expected behavior
Users who have admin access to specific realms should be able to access those realms in the admin UI without error.
Actual behavior
Users who do not have the master realm's view-realm role receive an error when logging in, and the refresh button in the error does not help. Additionally, navigating to other pages they should have access to still gives the same error.
How to Reproduce?
- Create a new user in the master realm.
- Give that user non-master realm permissions without any master realm permissions.
- Log in to the admin console as that user.
Anything else?
Previously, the master realm users were able to see Keycloak statistics, such as version and memory allocation. I agree that users who do not have access to the master realm should not be able to see that information, but they should not get an error just by logging in.