From a035b904ff3f867f8a8ce9e78fed060e61258471 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Mon, 12 May 2025 17:02:21 -0300
Subject: [PATCH] Return only manage permissions when listing users via
 administration console

Closes #39641

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---
 .../org/keycloak/admin/ui/rest/BruteForceUsersResource.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
index a2877ed90cb..577ec964025 100644
--- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
+++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java
@@ -169,7 +169,7 @@ public class BruteForceUsersResource {
             UserRepresentation userRep = briefRepresentationB ?
                     ModelToRepresentation.toBriefRepresentation(user) :
                     ModelToRepresentation.toRepresentation(session, realm, user);
-            userRep.setAccess(usersEvaluator.getAccess(user));
+            userRep.setAccess(usersEvaluator.getAccessForListing(user));
             return userRep;
         }).map(this::getBruteForceStatus);
     }