Directory permissions allow you to restrict the way in which directories can be used by mapped applications. Often, administrators need to limit applications to only being able to read — not modify — directory entity data, i.e. the users ('principals') groups and roles contained within the directory. You can achieve this by disabling the relevant directory permissions.
| Permission |
Description |
| Add Group |
Allows applications to add groups to the directory. |
| Add Principal |
Allows applications to add principals to the directory. |
| Add Role |
Allows applications to add roles to the directory. |
| Modify Group |
Allows applications to modify groups in the directory. |
| Modify Principal |
Allows applications to modify principals in the directory. |
| Modify Role |
Allows applications to modify roles in the directory. |
| Remove Group |
Allows applications to delete groups from the directory. |
| Remove Principal |
Allows applications to delete principals from the directory.
 Consider carefully whether you allow the deletion of principals, as some applications contain historical data, e.g. documents that the user has created. Read more. |
| Remove Role |
Allows applications to delete roles from the directory. |
When you add a new directory, all of its permissions are enabled by default.
To specify directory permissions,
- Configure a new directory as described in 2.2 Adding a Directory or select an existing directory from the Directory Browser.
- Click the 'Permissions' tab. This will display a list of permissions as shown in the screenshot below.
- To enable a directory permission, select the corresponding check-box.
- To disable a directory permission, deselect the corresponding check-box.
Screenshot: 'Directory Permissions'
See Also
To control which users within a directory may access a mapped application, see 3.4 Specifying which Groups can access an Application.
Related Topics
Crowd 1.1 Documentation
