This page introduces you to groups and roles in Crowd.
About Groups and Roles
Groups and roles are known as permission container objects. Groups are particularly important in Crowd, as they are often used to control access to applications. Note also that the crowd-administrators group confers Crowd administration rights to its members.
Roles are Deprecated
As previously announced, roles are now deprecated in Crowd. We have not changed the functionality of roles in Crowd 2.1, but we do recommend that you move away from the use of roles in your Crowd installation so that you will not be adversely affected by the planned redesign of role functionality. Roles are disabled by default when you create a new LDAP directory. We recommend that you leave roles disabled, unless you have existing data that includes roles.At present, the implementation of roles in Crowd is identical to the implementation of groups. This design does not provide much useful functionality, so we are planning to redesign the way Crowd supports roles. If you would like to help us to design better role-based access control, please add a comment to the improvement request CWD-931, letting us know how you would like to see it work.
Nested Groups
Some user directories allow you to define a group as a member of another group. Groups in such a structure are called 'nested groups'. In Crowd, you can map any group to an application, including a group which contains other groups. Crowd supports nested groups for LDAP directory connectors, Crowd internal directories, Delegated Authentication directories and custom directories. You can enable or disable support for nested groups on each directory individually. For more information, refer to the documentation on configuring a directory.
For more details about nested groups, refer to Nested Groups in Crowd.About the Group Browser and the Role Browser
The Group Browser and the Role Browser are very similar. They allow you to search, view, add and edit the various groups and roles stored within a specified directory.
To use the Group Browser,
- Log in to the Crowd Administration Console.
- Click the 'Groups' tab in the top navigation bar.
- The Group Browser will appear. Select the directory in which you are interested, then click the 'Search' button to list all the groups that exist in that directory.
You can refine your search by specifying a 'Name' or by choosing 'Active' or 'Inactive' groups. - To view or edit a group's details, click the link on the group name.
- Click the 'Direct Members' tab to view the immediate members of the group, including users and other groups.
- Click the 'Nested Members' tab to view all users who are included in the group and in its sub-groups
- You can read more about group members in Managing Group Members.
Screenshot 1: Group Browser
Screenshot 2: Viewing and updating group details
RELATED TOPICS
- Using the User Browser
- Adding a User
- Editing a User's Details and Password
- Deleting or Deactivating a User
- Case Sensitivity of Usernames, Groups and Roles
- Specifying a User's Aliases
- Editing a User's Group and Role Membership
- Managing Groups and Roles
- Managing Group Members
- Specifying a User's Attributes
- Granting Crowd Administration Rights to a User
- Granting Crowd User Rights to a User
- Managing a User's Session
Attachments:











