我认为您正在寻找的是manage-members细粒管理权限".密钥克隆管理指南的早期版本给出了此特定用例的示例:

I think what you're looking for is is the manage-members 'Fine Grain Admin Permissions'. A previous version of the keycloak admin guide gave an example of this specific use-case:

您可以指定管理员只能管理特定组的成员.如果您在管理控制台中转到论坛的页面，则将看到权限"标签..."manage-members"权限允许您定义策略，以允许管理员管理作为该论坛成员的任何用户.

You can specify that an admin can only manage the members of a specific group. If you go to a group’s page in the Admin Console you will see a Permissions tab...The manage-members permission allows you to define policies that allow an admin to manage any user that is a member of the group.

4.6版新指南并未涵盖该特定用途-case不再是显式示例，但是该权限仍然列出，因此它应该仍然像以前一样工作.

The newer guide for 4.6 doesn't cover that specific use-case by explicit example anymore but that permission is still listed so it should still work as before.