-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
5
-
Hi folks,
Thanks for your continued support and feedback, we wanted to give you an update on the status of this issue.
Over the medium term, the direction we're taking with Crowd is to focus on scalability, reliability and performance. Unfortunately, it means that this feature is unlikely to be included in any near-term improvements to the product, as workflows and management don't align with our future direction.
We've decided to close this issue because we feel that by leaving it open, there's undue expectation that the issue is being actively worked on, and we don't want to give you the wrong information. We are aware of the issue, and recognise that it is something that needs to be done, however, it's unrealistic that it will ship within the next 18 months.
Regards,
Eugene
Atlassian Product Management
Give certain users the ability to modify/edit specific repositories, applications and other sections of the administration console.
Please vote, or provide use cases for your needs.
![[Extranet] Page](/images/icons/generic_link_16.png "[Extranet] Page"){kind=icon}
[CWD-57] Security Provisioning in the Administration Console
Steve Roughton
added a comment - Crowd manages groups and roles for other applications. Can it not use its own infrastructure to support this feature? Delegated administration would be extremely helpful in large organizations where groups should be able to manage local and application-specific userids, but not view or modify the connectors, remote directories, etc.
Steve Roughton
added a comment - Crowd manages groups and roles for other applications. Can it not use its own infrastructure to support this feature? Delegated administration would be extremely helpful in large organizations where groups should be able to manage local and application-specific userids, but not view or modify the connectors, remote directories, etc. 
Matt Goonan
added a comment - a big +1 for delegated administration! 
David O'Flynn [Atlassian]
added a comment - We're not going to be able to tackle this for the 2.0 release. To implement it properly, we'll have to significantly enhance our Role-Based Access Control (CWD-931), and that makes this feature too large to fit into the 2.0 release.
Apologies for the delay.
David O'Flynn [Atlassian]
added a comment - We're not going to be able to tackle this for the 2.0 release. To implement it properly, we'll have to significantly enhance our Role-Based Access Control ( CWD-931 ), and that makes this feature too large to fit into the 2.0 release.
Apologies for the delay. This is pretty crucial for us at Cornell as well. We currently are in a pretty good delegated administration model in Confluence, our largest installation, with the use of the Custom Space User Management plugin (delegating user creation and group membership administration for a predetermined set of groups per space). However, it sounds like if we implement Crowd to consolidate Confluence and JIRA user management, we may actually go backwards and lose this delegated administration capability we already have in Confluence.
David O'Flynn [Atlassian]
added a comment - Fixed Graham's comment Sorry about above. Textile borked my comment a bit. Ignore the strikethrough 
Just to let everyone know where we're at, and I think what we're doing would be doable in the Crowd console someday...
We're writing a webapp to do some common management tasks in Crowd, particularly bulk adding of users to a group (as opposed to groups to a user). We're limiting access based on a naming scheme, but an even better way would be to do so with ACLs.
All our groups and have a prefix, eg: CROWD-administrators, CROWD-users, JIRA-administrators, JIRA-users, MYAPP-administrators, MYAPP-users, etc. Our app grants access for a user to manage all group memberships beginning with the prefix if the user is in a -managers group. So a user in the MYAPP-managers group has access in our app to manage memberships to all the groups beginning with MYAPP-. A user in the MYAPP-administrators group can create and delete groups beginning with the MYAPP- prefix, as well as manage memberships. Users don't even see groups with a prefix to which they don't belong to the managers or administrators group.
It's a simple convention that allows us to quickly delegate users to manage memberships. Because we are using Crowd for authorization as well as authentication, each of our in-house applications has -administrators, and -users groups (among others) and by using a prefix we can easily fish out the groups pertinent to a particular application in a hurry. (This also is a poor man's way of giving a hierarchy to the list of groups.)
As I said, ACLs would be deluxe, but following some conventions can get you by until something like that gets done.
Jeff Sussna
added a comment - I would like to use Crowd to manage access for customers accessing my website. Customers need the ability to add/remove their own users.
Jeff Sussna
added a comment - I would like to use Crowd to manage access for customers accessing my website. Customers need the ability to add/remove their own users. We're likely going to write a quick webapp to implement something like this for our org, but I think it's definitely something that should be considered for addition natively to Crowd. It would be quite a feather in Crowd's cap, along with nested groups/roles.
Like you guys don't have enough on your plate already 
Hi everyone,
Just letting you know that we've updated the current Atlassian status in the description of this issue, and you should go check it out!
Eugene Mak
Atlassian Product Management