The module allows to map a Keycloak group to Magnolia roles and groups.

If the configuration defines that a user in magnolia-sre should get the superuser role, then a user in magnolia-sre will get the role and associated security rights.

If, however, the configuration defines that a user in magnolia-marketing should be assigned the Magnolia marketing group, then the user will get the group, but this won't have any consequence on security. This will only have practical consequences if the marketing Magnolia group defined associated roles. However, in such a case, the module is currently not smart enough to look for those roles and give them to the user.