From 49d386b3ff266a11ad92350d007ec3064a858395 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Mon, 12 May 2025 08:52:39 -0300
Subject: [PATCH] Return only manage permissions when listing users via
 administration console

Closes #39641

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---
 .../org/keycloak/admin/ui/rest/BruteForceUsersResource.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
index a2877ed90cb8..577ec9640259 100644
--- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
+++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
@@ -169,7 +169,7 @@ private Stream<BruteUser> toRepresentation(RealmModel realm, UserPermissionEvalu
             UserRepresentation userRep = briefRepresentationB ?
                     ModelToRepresentation.toBriefRepresentation(user) :
                     ModelToRepresentation.toRepresentation(session, realm, user);
-            userRep.setAccess(usersEvaluator.getAccess(user));
+            userRep.setAccess(usersEvaluator.getAccessForListing(user));
             return userRep;
         }).map(this::getBruteForceStatus);
     }