Currently, a role with basic permissions is given to any SSO user, in order to prevent infinite Keycloak-Magnolia loops in cases where security isn't defined properly. The proper way to handle lack of security in Magnolia, however, is to use a securityCallback.