[CWD-432] Client applications should only see groups which have been allocated to them

Type: Suggestion
Resolution: Fixed
Fix Version/s: None
Component/s: Core features
Labels:
- cl
- kcs-flagged

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Atlassian Status as of 31 October 2013

Hi everyone,

Thank you for your votes and comments on this improvement request. Whilst this is something we would like to implement some day, it is not at the forefront of our upcoming backlog.

We will be focussing on improving the integration of Crowd within our Atlassian suite of products, as well as simplifying and improving the overall user management and a unified administrative experience.

If our backlog changes and this improvement request becomes a priority, this ticket will be updated. If you'd like to better understand how we make roadmap decisions, have a read of : https://confluence.atlassian.com/display/DEV/Implementation+of+New+Features+Policy

Cheers, Helen Hung
Atlassian Product Management

Currently, a client application can "see" all the groups in the directories configured for that application.

Ideally, if Allow All To Authenticate on a directory is set to False, only the configured groups should be visible to the application. If Allow All To Authenticate on a directory is set to True, then the current behaviour of retrieving all groups is acceptable.

blocks

CWD-1263 Provide flag to filter users/groups to client applications based on application's permission to authenticate.

Closed

KRAK-2440 You do not have permission to view this issue

duplicates

CWD-5145 Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications

Closed

is duplicated by

BSERV-10046 Connecting with Crowd causes Bitbucket Server to synchronize all users and groups in directory

Closed

CWD-3505 Active Directory to Crowd - Authentication User list not refining when specific Groups are selected

Closed

CWD-1891 Add an option not to expose all groups to applications

Closed

CWD-5267 Option to Sync Only Authenticated Groups and Users To Applications

Closed

is related to

CWD-3505 Active Directory to Crowd - Authentication User list not refining when specific Groups are selected

Closed

relates to

CWD-1348 Client applications should only see principals which have been authorised to access the application

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(2 is duplicated by, 1 is related to, 1 relates to, 8 mentioned in)

Pawel Gruszczynski (Inactive) added a comment - 25/Aug/2022 10:00 AM - edited

The feature has been already released in Crowd 4.4:

https://confluence.atlassian.com/crowd/crowd-4-4-release-notes-1087517293.html

Pawel Gruszczynski (Inactive) added a comment - 25/Aug/2022 10:00 AM - edited The feature has been already released in Crowd 4.4: https://confluence.atlassian.com/crowd/crowd-4-4-release-notes-1087517293.html

Florian Reichl added a comment - 15/Sep/2020 1:31 PM

Same with me!

Florian Reichl added a comment - 15/Sep/2020 1:31 PM Same with me!

Kumaran added a comment - 09/Apr/2020 4:28 PM

I can understand that this feature request is on backlog for 13 years now. With growing user base and big companies working on large scale, plugins, custom fields look ups on large group set and membership of all groups impact performance of atlassian tools. I would strongly ask the current product manager to consider implementing this feature. Thank you !

Kumaran added a comment - 09/Apr/2020 4:28 PM I can understand that this feature request is on backlog for 13 years now. With growing user base and big companies working on large scale, plugins, custom fields look ups on large group set and membership of all groups impact performance of atlassian tools. I would strongly ask the current product manager to consider implementing this feature. Thank you !

Anurag Jalan added a comment - 23/Jan/2020 9:35 AM

Same issue at our end also. We have integrated Crowd with JIRA, Jira Service Desk, Confluence & Bitbucket. What we now see is that all groups configured in Crowd is visible in all applications which is not required. This causes confusion among Atlassian Administrators who are distributed across various locations. Appreciate if it can be fixed.

Anurag Jalan added a comment - 23/Jan/2020 9:35 AM Same issue at our end also. We have integrated Crowd with JIRA, Jira Service Desk, Confluence & Bitbucket. What we now see is that all groups configured in Crowd is visible in all applications which is not required. This causes confusion among Atlassian Administrators who are distributed across various locations. Appreciate if it can be fixed.

Majken Connor added a comment - 09/Sep/2016 8:36 PM

This is definitely affecting us as Expert Partners. Crowd potentially saves us a lot of time when setting up demos or training instances for clients. The best case to avoid this is to use a directory per isolated group of applications, but we then need to make duplicate accounts for ourselves. It also clutters the user directories on our client facing sites.

We would be very excited to see this fixed, and would make it easier to recommend Crowd to our enterprise clients as well.

Majken Connor added a comment - 09/Sep/2016 8:36 PM This is definitely affecting us as Expert Partners. Crowd potentially saves us a lot of time when setting up demos or training instances for clients. The best case to avoid this is to use a directory per isolated group of applications, but we then need to make duplicate accounts for ourselves. It also clutters the user directories on our client facing sites. We would be very excited to see this fixed, and would make it easier to recommend Crowd to our enterprise clients as well.

Michelle Fritch added a comment - 28/Apr/2014 1:34 PM

We have several Atlassian stacks that consist of Jira, Confluence, and Stash. It would be preferable to use only one Crowd server, however, every application shows every user available in Crowd and not just the users that belong to the groups that are allowed to log into the specific application instance. Also, every application shows every group configured in Crowd and not just the groups allowed to log into that application. This leads to a great deal of clutter and potential management headaches when scaling beyond a single stack and a few hundred users.

Michelle Fritch added a comment - 28/Apr/2014 1:34 PM We have several Atlassian stacks that consist of Jira, Confluence, and Stash. It would be preferable to use only one Crowd server, however, every application shows every user available in Crowd and not just the users that belong to the groups that are allowed to log into the specific application instance. Also, every application shows every group configured in Crowd and not just the groups allowed to log into that application. This leads to a great deal of clutter and potential management headaches when scaling beyond a single stack and a few hundred users.

Eugene Mak [Atlassian] added a comment - 02/May/2011 6:33 AM

Hi everyone,

Just letting you know that we've updated the current Atlassian status in the description of this issue, and you should go check it out!

Eugene Mak
Atlassian Product Management

Eugene Mak [Atlassian] added a comment - 02/May/2011 6:33 AM Hi everyone, Just letting you know that we've updated the current Atlassian status in the description of this issue, and you should go check it out! Eugene Mak Atlassian Product Management

David O'Flynn [Atlassian] added a comment - 02/Aug/2010 12:15 AM

Hi Andy,

Assigning a group to an application means that only the users in that group will be able to successfully authenticate. It has no other function.

Cheers,
Dave.

David O'Flynn [Atlassian] added a comment - 02/Aug/2010 12:15 AM Hi Andy, Assigning a group to an application means that only the users in that group will be able to successfully authenticate. It has no other function. Cheers, Dave.

Andy Brook (Javahollic Software) added a comment - 31/Jul/2010 2:07 PM

Can someone clarify what the point is of CROWD providing features to associate groups with applications if all groups in the CROWD directory are visible to client apps? Does this association in CROWD do anything at all?

Andy Brook (Javahollic Software) added a comment - 31/Jul/2010 2:07 PM Can someone clarify what the point is of CROWD providing features to associate groups with applications if all groups in the CROWD directory are visible to client apps? Does this association in CROWD do anything at all?

Eric Anderson added a comment - 27/Apr/2010 3:43 PM

Another reason why this should be optional:

Jira craps all over itself when it expects a user to exist and it doesn't. This means that removing users from the system screws everything up. The way we handle this is to create a separate OU for Disabled Users, we don't allow them to log in but we let Jira see them.

If Jira were smarter about this, this issue could potential be fixed but until then, fixing this issue will introduce regressions in work arounds for an already broken set of features.

Eric Anderson added a comment - 27/Apr/2010 3:43 PM Another reason why this should be optional: Jira craps all over itself when it expects a user to exist and it doesn't. This means that removing users from the system screws everything up. The way we handle this is to create a separate OU for Disabled Users, we don't allow them to log in but we let Jira see them. If Jira were smarter about this, this issue could potential be fixed but until then, fixing this issue will introduce regressions in work arounds for an already broken set of features.

Assignee:: Unassigned

Reporter:: shihab

Votes:: 60 Vote for this issue

Watchers:: 41 Start watching this issue

Created:: 12/Jul/2007 5:12 AM

Updated:: 24/Apr/2025 1:44 PM

Resolved:: 25/Aug/2022 10:01 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Pawel Gruszczynski (Inactive) added a comment - 25/Aug/2022 10:00 AM, Edited by Pawel Gruszczynski - 25/Aug/2022 10:06 AM

Expand comment: Pawel Gruszczynski (Inactive) added a comment - 25/Aug/2022 10:00 AM, Edited by Pawel Gruszczynski - 25/Aug/2022 10:06 AM

Collapse comment: Florian Reichl added a comment - 15/Sep/2020 1:31 PM

Expand comment: Florian Reichl added a comment - 15/Sep/2020 1:31 PM

Collapse comment: Kumaran added a comment - 09/Apr/2020 4:28 PM

Expand comment: Kumaran added a comment - 09/Apr/2020 4:28 PM

Collapse comment: Anurag Jalan added a comment - 23/Jan/2020 9:35 AM

Expand comment: Anurag Jalan added a comment - 23/Jan/2020 9:35 AM

Collapse comment: Majken Connor added a comment - 09/Sep/2016 8:36 PM

Expand comment: Majken Connor added a comment - 09/Sep/2016 8:36 PM

Collapse comment: Michelle Fritch added a comment - 28/Apr/2014 1:34 PM

Expand comment: Michelle Fritch added a comment - 28/Apr/2014 1:34 PM

Collapse comment: Eugene Mak [Atlassian] added a comment - 02/May/2011 6:33 AM

Expand comment: Eugene Mak [Atlassian] added a comment - 02/May/2011 6:33 AM

Collapse comment: David O'Flynn [Atlassian] added a comment - 02/Aug/2010 12:15 AM

Expand comment: David O'Flynn [Atlassian] added a comment - 02/Aug/2010 12:15 AM

Collapse comment: Andy Brook (Javahollic Software) added a comment - 31/Jul/2010 2:07 PM

Expand comment: Andy Brook (Javahollic Software) added a comment - 31/Jul/2010 2:07 PM

Collapse comment: Eric Anderson added a comment - 27/Apr/2010 3:43 PM

Expand comment: Eric Anderson added a comment - 27/Apr/2010 3:43 PM

People

Dates