[CWD-1348] Client applications should only see principals which have been authorised to access the application - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Suggestion
Status: Closed (View Workflow)
Resolution: Duplicate
Fix Version/s: None
Component/s: Core features
Labels:
- cl

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.
Current Status:

Hide

Atlassian Update - 08 November 2019

This feature request is currently tracked at CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications. Please watch that issue for further updates.

Show
Atlassian Update - 08 November 2019 This feature request is currently tracked at CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications . Please watch that issue for further updates.

Description

Currently, a client application can "see" all the principals in the directories configured for that application.

Ideally, if Allow All To Authenticate on a directory is set to False, only the principals that belong to the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

In addition to the SSC findAllPrincipalNames() method, there should be some sort of findAllAuthenticatablePrincipalNames()

Attachments

Issue Links

blocks

CWD-1263 Provide flag to filter users/groups to client applications based on application's permission to authenticate.

Gathering Interest

KRAK-452 Loading...

causes

FE-871 Re-Sync on crowd, will add all users in the directories rather than only the ones that belong to the configured group in the crowd application

Closed

BAM-4801 Integration with Crowd explodes user count

Gathering Impact

EMBCWD-924 Loading...

duplicates

CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications

Future Consideration

has a derivative of

CONFCLOUD-27854 Allow groups and users synced from a Crowd directory to be filtered

Closed

CONFSERVER-27854 Allow groups and users synced from a Crowd directory to be filtered

Closed

is duplicated by

CWD-4469 Users are synced with the application even if they don't have permissions to login

Closed

CWD-4488 Not abiding by Crowd's Allow all to authenticate - False

Closed

is related to

CWD-432 Client applications should only see groups which have been allocated to them

Under Consideration

mentioned in: Page Loading...; Page Loading...

(1 duplicates, 2 has a derivative of, 2 is duplicated by, 1 is related to, 2 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Partha Kamal

Votes:: 36 Vote for this issue

Watchers:: 39 Start watching this issue

Dates

Created:: 09/Dec/2008 12:12 AM

Updated:: 08/Nov/2019 9:08 AM

Resolved:: 08/Nov/2019 8:47 AM