Currently, when a new directory is added to Crowd, admin can specific the directory permission (Directory level). When the admin add a new application and include the created directory, the application level directory permission will have the same set of permission with the directory level.
- Application level directory permission (Application >> permission tab for the application in Crowd)
- Directory level permission (Directory >> permission tab for the directory in crowd)
Admin would prefer the application level directory to set as none/read only by default instead of following the directory level permission to avoid situation where all application that using the directory is able to create user if directory level is set to full permission.
Instead of configure the application level directory permission to follow the directory level permission, set it to none/read only by default and allow admin to change it when needed.