Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5145

Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Current Situation

      At the moment all users from directories mapped to applications in Crowd are synchronized to those applications, however, not all of them have access and can log in.

      Solution

      Client applications should only see users who have been allocated to them.
      Only synchronize users (to application) who has access to it

      This feature request is concerning Users. For feature request concerning groups, see:
      CWD-432 Client applications should only see groups which have been allocated to them

            [CWD-5145] Only users who have access to applications connected to Crowd should be synchronized from Crowd to those applications

            We (german Automotive company) need this fixed asap because

            • filtering on Application level is required in order to 'hide' users from certain applications
            • e.g. satelite applications that need to know only a subset of users (limited by group membership)
            • there is no point limiting who can login to an application (via group) but still offering all users and groups to the application
            • remember that user data has to be treated with care - e.g. restrict its distribution to where it is required

            We consider this as a bug as the Crowd configuration ui implies something else to what actually happens!

            We discovered only by chance that Crowd offers all user information to any application - to us this is a security issue.

             

            Please prioritize and fix as soon as possible.

            Thanks.

            Oliver Schmidt added a comment - We (german Automotive company) need this fixed asap because filtering on Application level is required in order to 'hide' users from certain applications e.g. satelite applications that need to know only a subset of users (limited by group membership) there is no point limiting who can login to an application (via group) but still offering all users and groups to the application remember that user data has to be treated with care - e.g. restrict its distribution to where it is required We consider this as a bug as the Crowd configuration ui implies something else to what actually happens! We discovered only by chance that Crowd offers all user information to any application - to us this is a security issue.   Please prioritize and fix as soon as possible. Thanks.

            This fix would be very useful for us.

            We have more than 30,000 user accounts in our Active Directory.

            In our Jira Software and Confluence instances we only need 1,000 users but in Servicedesk we need all 30,000 users. Actually it´s not helpful to create more than one LDAP connector for this usecase (performance / SSO etc.).

            Business Systeme added a comment - This fix would be very useful for us. We have more than 30,000 user accounts in our Active Directory. In our Jira Software and Confluence instances we only need 1,000 users but in Servicedesk we need all 30,000 users. Actually it´s not helpful to create more than one LDAP connector for this usecase (performance / SSO etc.).

            This would be a HUGE help and solve a handful of issues (https://jira.atlassian.com/browse/HCPUB-437 https://jira.atlassian.com/browse/BSERV-7571) as well as generally improve the performance and usability of other applications as the cwd_user/cwd_membership/cwd_group tables are full of users that aren't actually licensed.

            Craig Castle-Mead added a comment - This would be a HUGE help and solve a handful of issues ( https://jira.atlassian.com/browse/HCPUB-437 https://jira.atlassian.com/browse/BSERV-7571 ) as well as generally improve the performance and usability of other applications as the cwd_user/cwd_membership/cwd_group tables are full of users that aren't actually licensed.

              Unassigned Unassigned
              mkempa Marcin Kempa
              Votes:
              20 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: