Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-16709

External User Management option is confusing, does not work properly and should be removed

      According to the Confluence documentation, when you enable External User Management, "...assignment of permissions to groups and users is still carried out within Confluence, but the creation of groups and users is not." The last bit is incorrect and has been since Confluence 2.9.3.

      In Confluence 2.10 and up, while External User Management is enabled you can still create local users and groups. In Confluence 2.9.3, the option to add new users/groups is greyed out when External User Management is enabled.

      In Confluence 3.5, the option is still confusingly broken, and the new user directories configuration adds additional complexity. The option should be removed and Confluence should be smart enough to display only options in the UI that make sense. For example, if there are no read-write directories enabled, then public sign-up and adding a user should be prevented or disabled.

            [CONFSERVER-16709] External User Management option is confusing, does not work properly and should be removed

            Same for true in JIRA 6.1 - I can add/delete users in JIRA Internal directory even 'External user management' is ON after instance restarted. Not finding a related issue link for JIRA so updated here.

            Rudey Yao [GLiNTECH] added a comment - Same for true in JIRA 6.1 - I can add/delete users in JIRA Internal directory even 'External user management' is ON after instance restarted. Not finding a related issue link for JIRA so updated here.

            Matt Ryall added a comment - - edited

            This is still outstanding in Confluence 3.5. We still permit operations through the UI that we shouldn't because the 2.10 UI changes didn't take into account this option.

            We're planning to remove this option in a future version of Confluence, and instead determine what operations should be visible based on your user directory configuration.

            Matt Ryall added a comment - - edited This is still outstanding in Confluence 3.5. We still permit operations through the UI that we shouldn't because the 2.10 UI changes didn't take into account this option. We're planning to remove this option in a future version of Confluence, and instead determine what operations should be visible based on your user directory configuration.

            Matt Ryall added a comment -

            The option is badly named and doesn't really reflect the true options in Confluence with external user management. All the 'Enable External User Management' option attempts to do is remove some options in the UI for editing users and groups. Clearly it doesn't even do that properly.

            We should remove this option from the UI and change the user and group management UI to reflect the actual configuration in atlassian-user.xml, crowd.properties or Confluence itself. The operations which are available on a user or group should reflect the operations that are available in the appropriate user management backend.

            Matt Ryall added a comment - The option is badly named and doesn't really reflect the true options in Confluence with external user management. All the 'Enable External User Management' option attempts to do is remove some options in the UI for editing users and groups. Clearly it doesn't even do that properly. We should remove this option from the UI and change the user and group management UI to reflect the actual configuration in atlassian-user.xml, crowd.properties or Confluence itself. The operations which are available on a user or group should reflect the operations that are available in the appropriate user management backend.

            We are linking crowd to confluence and our own application. Therefore we want external user management enabled on confluence. Making crowd the place to create users and groups. That way no user or group can be created in confluence. Fix this as soon as possible please.

            Roel Croonenberghs added a comment - We are linking crowd to confluence and our own application. Therefore we want external user management enabled on confluence. Making crowd the place to create users and groups. That way no user or group can be created in confluence. Fix this as soon as possible please.

            The biggest problem is that even though external user management is enabled, confluence is trying to create users and/or groups in the crowd directory (generating errors as the application doesn't have permissions to do so in crowd). Further more, confluence is also allowing administrators to "set passwords" for users (when it shouldn't).
            External user management should be consistent with the way jira's behave (Doesn't allow changes to users and cannot add/remove groups or users).

            Hellmut Adolphs added a comment - The biggest problem is that even though external user management is enabled, confluence is trying to create users and/or groups in the crowd directory (generating errors as the application doesn't have permissions to do so in crowd). Further more, confluence is also allowing administrators to "set passwords" for users (when it shouldn't). External user management should be consistent with the way jira's behave (Doesn't allow changes to users and cannot add/remove groups or users).

              alwang Alice Wang (Inactive)
              mtaylor@atlassian.com Maleko Taylor (Inactive)
              Affected customers:
              34 This affects my team
              Watchers:
              25 Start watching this issue

                Created:
                Updated:
                Resolved: