Documentation for Crowd 1.2. Documentation for other versions of Crowd is available too.
Within any given directory, you can choose the groups and roles to which each principal (i.e. user) belongs.
Note that a principal's group membership is particularly important, as groups are often used to control access to applications.
What happens if a principal exists in more than one directory?
If the same username exists in more than one directory assigned to an application, Crowd treats these usernames as the same principal. Crowd searches all the assigned directories for the principal, and amalgamates the group and role memberships.
For example, let's assume you have a principal 'P' who exists in both directories 'D1' and 'D2', and is a member of group 'G1' in 'D1' and 'G2' in 'D2'. Crowd will grant access to the principal based on membership of both 'G1' and 'G2'.
When authenticating the principle, Crowd uses the first directory in which the username occurs, as described in 3.3.1 Specifying the Directory Order for an Application.
To add a principal to a group,
- Log in to the Crowd Administration Console.
- Click the 'Principals' link in the top navigation bar.
- This will display the Principal Browser. Select the relevant directory, locate the principal you wish to add, and click the 'View' link that corresponds to the principal.
- This will display the 'Principal Details' screen. Click the 'Groups' tab.
- A list of the principal's current groups (if any) will be displayed. Select the relevant group from the drop-down box below the list, then click the 'Add' button.
The principal will now be authorised to use any applications that use this group to control access.
To remove a principal from a group,
- Log in to the Crowd Administration Console.
- Click the 'Principals' link in the top navigation bar.
- This will display the Principal Browser. Select the relevant directory, locate the principal you wish to remove, and click the 'View' link that corresponds to the principal.
- This will display the 'Principal Details' screen. Click the 'Groups' tab.
- A list of the principal's current groups (if any) will be displayed. Click the 'Remove' link corresponding to the relevant group.
The principal will now be unable to log in to any applications that use this group to control access.
Screenshot: 'Principal — Groups'
The adding or removing of a principal to or from a role is performed via the Role Browser, but is otherwise identical to the process for groups.
Related Topics
- 4.01 Using the Principal Browser
- 4.02 Adding a Principal
- 4.03 Deleting or Deactivating a Principal
- 4.04 Managing a Principal's Session
- 4.05 Editing a Principal's Details and Password
- 4.06 Specifying a Principal's Attributes
- 4.07 Editing a Principal's Group and Role Membership
- 4.08 Granting Crowd Administration Rights to a User
- 4.09 Using the Group Browser and Role Browser
- 4.10 Adding a Group or Role
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.