This page last changed on Mar 30, 2007 by rosie@atlassian.com.

Directory permissions allow you to restrict the way in which directories can be used by mapped applications. Often, administrators need to limit applications to only being able to read — not modify — directory entity data, i.e. the users ('principals') groups and roles contained within the directory. You can achieve this by disabling the relevant directory permissions.

Permission Description
Add Group Allows applications to add groups to the directory.
Add Principal Allows applications to add principals to the directory.
Add Role Allows applications to add roles to the directory.
Modify Group Allows applications to modify groups in the directory.
Modify Principal Allows applications to modify principals in the directory.
Modify Role Allows applications to modify roles in the directory.
Remove Group Allows applications to delete groups from the directory.
Remove Principal Allows applications to delete principals from the directory.
Remove Role Allows applications to delete roles from the directory.

When you add a new directory, all of its permissions are enabled by default.

Directory permissions apply to all mapped applications, including the Crowd Administration Console. If you disable a directory's permissions, some of the functionality described in 4. Managing Principals, Groups and Roles may be unavailable.

To specify directory permissions,

  1. Configure a new directory as described in 2.2 Adding a Directory or select an existing directory from the Directory Browser.
  2. Click the 'Permissions' tab. This will display a list of permissions as shown in the screenshot below.
  • To enable a directory permission, select the corresponding check-box.
  • To disable a directory permission, deselect the corresponding check-box.

Screenshot: 'Directory Permissions'

See Also

To control which users within a directory may access a mapped application, see 3.4 Specifying which Groups can access an Application.

Related Topics  

Crowd Documentation  


Document generated by Confluence on Jun 20, 2007 20:58