The only problem is, that this fact is not documented in https://karaf.apache.org/manual/latest/security. It is explicitly documented that "group" is a role:
> ... > _g_\:admingroup = group,admin,manager,viewer,ssh > ... > A group defines a set of roles. By default, the admingroup defines group, > admin, manager, and viewer > roles. Thank you. Richard Am Mi., 13. Jan. 2021 um 11:13 Uhr schrieb Jean-Baptiste Onofre < j...@nanthrax.net>: > Hi, > > The first part is a "fake" password for the group (to use the same syntax). > > That’s why, by default, in Karaf, we have: > > karaf = karaf,_g_:admingroup > _g_\:admingroup = group,admin,manager,viewer,systembundles,ssh > > Group is not really a role, it’s just a tag for group. > > For any group roles have to be defined with the following syntax: > > _g_\:group=group,role > > That’s the current behavior. > > If you consider as problematic, I can improve this to "ignore" the "tag > group role". > > Regards > JB > > > Le 13 janv. 2021 à 10:54, Richard Hierlmeier <rhierlme...@googlemail.com> > a écrit : > > > > > > In a test installation I had the following etc/users.properties file. > > > > karaf= karaf,_g_:admingroup > > _g_\:admingroup = admin,manager,viewer > > > > After a login the user karaf was only in role manager and viewer. > > I found out that the first role of a group is always ignored. > > > > Why is it ignored? > > > > > > > >