Within any given directory, you can choose the groups to which each user belongs. Note that a user's group membership is particularly important, as groups are often used to control access to applications.

Groups

The Crowd Administration Console provides two ways of adding users to or removing users from a group:

  • The group management screen for a specific group — Here you can add many users at once to the selected group.
  • The user management screen for a specific user — Here you can add the selected user to one or more groups at a time.

Full instructions are in Adding Users to a Group and Removing Users from a Group.

Roles

Support for roles, previously deprecatedhas been removed in Crowd 2.5. The implementation of roles in Crowd was identical to the implementation of groups and did not provide any extra functionality.

Multiple Directories

When Crowd determines a person's access to an application based on their membership of a group, what happens if the same username exists in more than one directory? Crowd will look for group membership only in the first directory where the username appears, based on the order of directories mapped to the application. See Specifying the Directory Order for an Application.

For example:

  • Two directories are mapped to Application A: The Customers directory and the Partners directory.
  • The Customers directory is mapped first in the 'Directory Order' for Application A.
  • A username jsmith exists in both the Customers directory and the Partners directory.
  • The user jsmith is a member of group G1 in the Customers directory and group G2 in the Partners directory.
  • Crowd will grant the user access to Application A based on membership of G1. For purposes of granting access to this application, Crowd will not consider jsmith a member of group G2.

RELATED TOPICS

Crowd Documentation