Specifying Directory Permissions in Crowd
Directory permissions are defined at two levels:
- Directory-level permissions are defined on the 'Permissions' tab of the 'View Directory' screen. These permissions apply to each application mapped to the directory, unless the application has its own application-level permissions.
- Application-level directory permissions are defined on the 'Permissions' tab of the 'View Application' screen. If a permission is enabled at directory level, you can enable it for a specific application. For example, you could enable the 'Add User' permission on the 'Customers' directory in Jira but disable the permission for Confluence.
Take a look at an example.
Disabling a directory-level permission will override any permissions enabled at application level. If a permission is enabled at application level and then subsequently disabled at directory level, the directory-level permission will apply. (The application-level permissions will be 'remembered' and will apply again if re-enabled at directory level.)
How do directory permissions affect the Crowd application (Crowd Administration Console)?
- If a particular permission is turned off at directory level, then no application can perform the related function - not even the Crowd application. So, for example, if you disable the 'Remove User' permission for a directory, then the Crowd Administration Console will not allow you to delete a user from that directory.
- The Crowd application is not bound by application-level permissions, because any user who could log into the Crowd application could change the application-level permissions for the Crowd application anyway.
You can also read more about application-level directory permissions.
When you add a new directory, all of its permissions are enabled by default.
To specify directory permissions
- Configure a new directory as described in Adding a Directory or select an existing directory from the Directory Browser.
- In the directory, click the Permissions tab.
This will display a list of permissions as shown in the screenshot below.
Need to grant users permission to access an application?
To control which users within a directory may access a mapped application, see Specifying which Groups can access an Application.
Screenshot: Directory permissions