2.3 Specifying Directory Permissions

Directory permissions allow you to restrict the way in which directories can be used by mapped applications. Often, administrators need to limit applications to only being able to read — not modify — directory entity data, i.e. the users ('principals') groups and roles contained within the directory. You can achieve this by disabling the relevant directory permissions.

Permission	Description
Add Group	Allows applications to add groups to the directory.
Add Principal	Allows applications to add principals to the directory.
Add Role	Allows applications to add roles to the directory.
Modify Group	Allows applications to modify groups in the directory.
Modify Principal	Allows applications to modify principals in the directory.
Modify Role	Allows applications to modify roles in the directory.
Remove Group	Allows applications to delete groups from the directory.
Remove Principal	Allows applications to delete principals from the directory.
Remove Role	Allows applications to delete roles from the directory.

When you add a new directory, all of its permissions are enabled by default.

Directory permissions apply to all mapped applications, including the Crowd Administration Console. If you disable a directory's permissions, some of the functionality described in 4. Managing Principals, Groups and Roles may be unavailable.

To specify directory permissions,

Configure a new directory as described in 2.2 Adding a Directory or select an existing directory from the Directory Browser.
Click the 'Permissions' tab. This will display a list of permissions as shown in the screenshot below.

To enable a directory permission, select the corresponding check-box.

To disable a directory permission, deselect the corresponding check-box.

Screenshot: 'Directory Permissions'

Child pages

See Also

Related Topics