Documentation for Crowd 2.5. Documentation for other versions of Crowd is available too.
When you map a directory to an application, you can also define the application's ability to add/update/delete users and groups in the directory. To do this, use the 'Permissions' tab in the 'View Application' screen.
Directory permissions are defined at two levels:
- Directory-level permissions are defined on the 'Permissions' tab of the 'View Directory' screen. These permissions apply to each application mapped to the directory, unless the application has its own application-level permissions.
- Application-level directory permissions are defined on the 'Permissions' tab of the 'View Application' screen. If a permission is enabled at directory level, you can enable it for a specific application. For example, you could enable the 'Add User' permission on the 'Customers' directory in JIRA but disable the permission for Confluence.
Take a look at an example.
Disabling a directory-level permission will override any permissions enabled at application level. If a permission is enabled at application level and then subsequently disabled at directory level, the directory-level permission will apply. (The application-level permissions will be 'remembered' and will apply again if re-enabled at directory level.)
How do directory permissions affect the Crowd application (Crowd Administration Console)?
- If a particular permission is turned off at directory level, then no application can perform the related function - not even the Crowd application. So, for example, if you disable the 'Remove User' permission for a directory, then the Crowd Administration Console will not allow you to delete a user from that directory.
- The Crowd application is not bound by application-level permissions.
For details on directory-level permissions, refer to the instructions on specifying directory permissions. Below are instructions on setting the application-level directory permissions.
Permission | Description |
|---|---|
Add Group | Allows the application to add groups to the selected directory. |
Add User | Allows the application to add users to the selected directory. |
Modify Group | Allows the application to modify groups in the selected directory. |
Modify User | Allows the application to modify users in the selected directory. |
Remove Group | Allows the application to delete groups from the selected directory. |
Remove User | Allows the application to delete users from the selected directory. |
Consider carefully whether you allow the deletion of users, as some applications contain historical data, e.g. documents that the user has created. Read When you initially map a directory to an application, all of the application's permissions are enabled by default. But note that disabling a directory-level permission will override any permissions enabled at application level.
To set the directory permissions for an application,
- Log in to the Crowd Administration Console.
- Click the 'Applications' tab in the top navigation bar.
- This will display the Application Browser. Click the 'View' link next to the application you wish to update.
- This will display the 'View Application' screen. Click the 'Permissions' tab.
- This will display a list of directories that are currently mapped to the application, and a set of permission check-boxes. Select a directory from the list on the left.
- The 'Permissions' check-boxes will change to show the application's existing permissions for that directory.
- To enable a directory permission, select the corresponding check-box.
- To disable a directory permission, deselect the corresponding check-box.
Screenshot: Setting directory permissions for an application
On the application permissions screen, the words '(disabled globally)' will appear next to any permission that is disabled at directory level.
RELATED TOPICS
- Using the Application Browser
- Adding an Application
- Integrating Crowd with Atlassian Bamboo
- Integrating Crowd with Atlassian Confluence
- Integrating Crowd with Atlassian CrowdID
- Integrating Crowd with Atlassian Crucible
- Integrating Crowd with Atlassian FishEye
- Integrating Crowd with Atlassian JIRA
- Integrating Crowd with Atlassian Stash
- Integrating Crowd with Acegi Security
- Integrating Crowd with Apache
- Disabling Previous Versions of the Crowd Apache Connector
- Installing the Crowd Apache Connector on CentOS Linux
- Installing the Crowd Apache Connector on Red Hat Enterprise Linux
- Installing the Crowd Apache Connector on Ubuntu Linux
- Installing the Crowd Apache Connector on Debian
- Installing the Crowd Apache Connector on Other UNIX-Like Systems
- Installing the Crowd Apache Connector on Windows
- Integrating Crowd with Jive Forums
- Integrating Crowd with Spring Security
- Integrating Crowd with Subversion
- Integrating Crowd with a Custom Application
- Configuring the Google Apps Connector
- Mapping a Directory to an Application
- Specifying an Application's Address or Hostname
- Testing a User's Login to an Application
- Enforcing Lower-Case Usernames and Groups for an Application
- Managing an Application's Session
- Deleting or Deactivating an Application
- Configuring Caching for an Application
- Overview of SSO
- Configuring Options for an Application
Overview
Content Tools
Apps
Log a request with our support team.
Raise an issue for our developers.
See answers from the community.
Blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.