Documentation for Crowd 2.2. Documentation for other versions of Crowd is available too.
Groups and roles are known as permission container objects. Groups are particularly important in Crowd, as they are often used to control access to applications. Note also that the crowd-administrators group confers Crowd administration rights to its members.
Adding a Group or Role via the Administration Console
To add a group or role,
- Log in to the Crowd Administration Console.
- Click the 'Groups' or 'Roles' link in the top navigation bar.
- This will display the Group Browser (or Role Browser). Click 'Add Group' or 'Add Role' in the left-hand menu.
- Complete the fields as described in the table below, then click the 'Create' button.
You can now add users to the new group or role. If your directory supports nested groups, you can now add sub-groups.
Field |
Description |
|---|---|
Name |
The unique name of the group or role. Within a given directory, the Name must be unique. Note that the Name cannot be changed once the group or role is created. |
Description |
A short description of the group or role. |
Directory |
The directory to which the group or role will be added. Note that the group or role cannot be moved to a different directory after it is created. |
Active |
Only deselect this if you wish to deny access to all members of the group or role. |
Screenshot 1: 'Group Browser'
Screenshot 2: 'Add Group'
Importing Groups from Other Applications
You can also add groups (not roles) via Crowd's migration tools. See Importing Users and Groups into a Directory.
Group Authorisation
See Specifying which Groups can access an Application.
Roles are Deprecated
As previously announced, roles are now deprecated in Crowd. We have not changed the functionality of roles in Crowd 2.1, but we do recommend that you move away from the use of roles in your Crowd installation so that you will not be adversely affected by the planned redesign of role functionality. Roles are disabled by default when you create a new LDAP directory. We recommend that you leave roles disabled, unless you have existing data that includes roles.
At present, the implementation of roles in Crowd is identical to the implementation of groups. This design does not provide much useful functionality, so we are planning to redesign the way Crowd supports roles. If you would like to help us to design better role-based access control, please add a comment to the improvement request CWD-931, letting us know how you would like to see it work.
RELATED TOPICS
- Using the User Browser
- Adding a User
- Editing a User's Details and Password
- Deleting or Deactivating a User
- Case Sensitivity of Usernames, Groups and Roles
- Specifying a User's Aliases
- Editing a User's Group and Role Membership
- Managing Groups and Roles
- Managing Group Members
- Specifying a User's Attributes
- Granting Crowd Administration Rights to a User
- Granting Crowd User Rights to a User
- Managing a User's Session
Overview
Content Tools
Apps
Log a request with our support team.
Raise an issue for our developers.
See answers from the community.
Blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.