Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5410

When nested groups are enabled, provide flattened groups' membership when synchronizing with connected applications

XMLWordPrintable

    • 2

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      Nested Groups can be enabled on both, Crowd server and connected applications using Embedded Crowd.
      On some connected applications, doing operations with nested groups (i.e. permissions validation on Confluence) may be expensive.

      When Embedded Crowd synchronizes a directory with Crowd, it uses the /crowd/rest/usermanagement/1/group/membership REST API method.
      If we have the below hierarchy in the LDAP server, then Crowd will pass it along to the connected application without any modifications.

      + GroupProject1
      ++ aduser003
      ++ GroupTeam1
      +++ aduser001
      +++ aduser002

      This forces the connected application to be aware of nested groups and still perform expensive operations to accomplish its tasks.

      Suggested Solution

      When nested groups is enabled in Crowd, there could be a configuration to always pass along to the connected applications a flattened groups memberships in a way that the connected application isn't aware the nested groups configuration exists.

      In the previous example, instead of passing the hierarchy below

      + GroupProject1
      ++ aduser003
      ++ GroupTeam1
      +++ aduser001
      +++ aduser002

      Crowd could send a flattened list of users x groups memberships as below

      + GroupProject1
      ++ aduser003
      ++ aduser001
      ++ aduser002

      + GroupTeam1
      ++ aduser001
      ++ aduser002

      This would relief the connected application from expensive nested groups calculation, leaving this task to Crowd when Synchronization occurs.

      Workaround

      There's no workaround so far.

            [CWD-5410] When nested groups are enabled, provide flattened groups' membership when synchronizing with connected applications

            Aakrity Tibrewal (Inactive) made changes -
            Resolution New: Low Engagement [ 10300 ]
            Status Original: Gathering Interest [ 11772 ] New: Closed [ 6 ]
            Aakrity Tibrewal (Inactive) made changes -
            Labels Original: embedded-crowd nested_groups pse-request New: cleanup-seos-fy25 embedded-crowd nested_groups pse-request
            SET Analytics Bot made changes -
            Support reference count New: 2
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3387859 ] New: JAC Suggestion Workflow 3 [ 3629726 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 3235145 ] New: JAC Suggestion Workflow [ 3387859 ]
            Issue Type Original: Improvement [ 4 ] New: Suggestion [ 10000 ]
            Status Original: Open [ 1 ] New: Gathering Interest [ 11772 ]
            Thiago Masutti (Inactive) made changes -
            Link New: This issue is related to CWD-4942 [ CWD-4942 ]
            Thiago Masutti (Inactive) made changes -
            Labels Original: nested_groups pse-request New: embedded-crowd nested_groups pse-request
            Thiago Masutti (Inactive) created issue -

              Unassigned Unassigned
              tmasutti Thiago Masutti (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: