Crowd 2.1 : Editing a User's Group and Role Membership
This page last changed on Jul 29, 2009 by smaddox.
Within any given directory, you can choose the groups and roles to which each user belongs. Note that a user's group membership is particularly important, as groups are often used to control access to applications. GroupsThe Crowd Administration Console provides two ways of adding users to or removing users from a group:
Full instructions are in Adding Users to a Group and Removing Users from a Group. RolesAs previously announced, roles are now deprecated in Crowd. We have not changed the functionality of roles in Crowd 2.1, but we do recommend that you move away from the use of roles in your Crowd installation so that you will not be adversely affected by the planned redesign of role functionality. Roles are disabled by default when you create a new LDAP directory. We recommend that you leave roles disabled, unless you have existing data that includes roles. At present, the implementation of roles in Crowd is identical to the implementation of groups. This design does not provide much useful functionality, so we are planning to redesign the way Crowd supports roles. If you would like to help us to design better role-based access control, please add a comment to the improvement request CWD-931, letting us know how you would like to see it work. To add a user to a role,
Screenshot: Managing a user's roles
Multiple DirectoriesWhen Crowd determines a person's access to an application based on their membership of a group, what happens if the same username exists in more than one directory? Crowd will look for group membership only in the first directory where the username appears, based on the order of directories mapped to the application. See Specifying the Directory Order for an Application. For example:
RELATED TOPICS
![]() ![]() ![]() ![]() ![]() |
![]() |
Document generated by Confluence on Nov 30, 2010 23:53 |