Documentation for Crowd 2.4. Documentation for other versions of Crowd is available too.

Within any given directory, you can choose the groups and roles to which each user belongs. Note that a user's group membership is particularly important, as groups are often used to control access to applications.

グループ

The Crowd Administration Console provides two ways of adding users to or removing users from a group:

  • The group management screen for a specific group — Here you can add many users at once to the selected group.
  • The user management screen for a specific user — Here you can add the selected user to one or more groups at a time.

Full instructions are in Adding Users to a Group and Removing Users from a Group.

ロール

As previously announced, roles are now deprecated in Crowd. We have not changed the functionality of roles in Crowd 2.1, but we do recommend that you move away from the use of roles in your Crowd installation so that you will not be adversely affected by the planned redesign of role functionality. Roles are disabled by default when you create a new LDAP directory. We recommend that you leave roles disabled, unless you have existing data that includes roles.

At present, the implementation of roles in Crowd is identical to the implementation of groups. This design does not provide much useful functionality, so we are planning to redesign the way Crowd supports roles. If you would like to help us to design better role-based access control, please add a comment to the improvement request CWD-931, letting us know how you would like to see it work.

To add a user to a role,

  1. Log in to the Crowd Administration Console.
  2. Click the 'Users' link in the top navigation bar.
  3. This will display the User Browser. Select the relevant directory, locate the user you wish to add, and click the link on the user's name.
  4. This will display the 'User Details' screen. Click the 'Roles' tab.
  5. A list of the user's current roles (if any) will be displayed, as shown on the screenshot below. Select the relevant role from the drop-down box below the list, then click the 'Add' button.

Screenshot: Managing a user's roles



Multiple Directories

When Crowd determines a person's access to an application based on their membership of a group, what happens if the same username exists in more than one directory? Crowd will look for group membership only in the first directory where the username appears, based on the order of directories mapped to the application. See Specifying the Directory Order for an Application.

例:

  • Two directories are mapped to Application A: The Customers directory and the Partners directory.
  • The Customers directory is mapped first in the 'Directory Order' for Application A.
  • ユーザー名 jsmith は Customers ディレクトリと Partners ディレクトリの両方に存在します。
  • ユーザー jsmith は、Customers ディレクトリの G1 グループと Partners ディレクトリの G2 グループのメンバーです。
  • Crowd will grant the user access to Application A based on membership of G1. For purposes of granting access to this application, Crowd will not consider jsmith a member of group G2.
関連トピック

Crowd Documentation



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.