Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6522

Crowd users not allowed to authenticate are pulled in as normal users

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary

      When synchronizing with a Crowd user directory (or a JIRA user directory), all users regardless of group affiliation are pulled into FishEye. Even users not allowed to authenticate in remote Crowd will still be migrated, FishEye/Crucible won't be able to distinguish them from "standard" users - they would still occupy licence slots, others would be able to pick them as reviewers etc.

      Steps to Reproduce

      1. In Crowd: Add an "Application" called "fisheye". (Leave "Allow all users to authenticate" unchecked)
      2. In Crowd: Add a Group called "fisheye-users".
      3. In Crowd Administration >> Applications >> FishEye >> Groups: Add the group "fisheye-users".
      4. In Crowd: Add a user called "not-fecru1" with no group affiliation.
      5. In FishEye: Synchronize user directory with Crowd.
      6. In FishEye: Go to Administration >> Users.

      Notes

      • This needs to be fixed on Crowd side – see CWD-1263
      • The users not belonging to a group who can access FishEye/Crucible will have a lozenge saying "NO ACCESS" next to their user name.
      • Both in Crowd and JIRA directory cases all users will be synchronized and they might occupy license slots if they end up with effectively granted global permission (either assigned individually or through group membership). That said, as there is no "Allow all users to authenticate" flag in JIRA, that is expected for JIRA-originating users, but might be surprising for Crowd, where one could expect only a subset of users to be synchronized
      • Due to CWD-3025 there is currently no way to assign a Crowd-originating user to local FeCru group

      Workarounds

      • Create dedicated group(s) in Crowd, add only selected users to the group(s) and grant login access only to those groups via FeCru global permissions. This requires one to have admin access to Crowd.
      • Assign users' login access rights individually via FeCru global permissions. 

        1. screenshot-1.png
          screenshot-1.png
          11 kB
        2. image-2016-11-14-11-47-23-005.png
          image-2016-11-14-11-47-23-005.png
          58 kB
        3. image-2016-11-14-11-42-40-508.png
          image-2016-11-14-11-42-40-508.png
          44 kB
        4. image-2016-11-14-11-40-44-233.png
          image-2016-11-14-11-40-44-233.png
          36 kB
        5. FishEye - Users.jpg
          FishEye - Users.jpg
          144 kB
        6. Crowd - Users - not-fecru1 - Groups.jpg
          Crowd - Users - not-fecru1 - Groups.jpg
          84 kB
        7. Crowd - Application - FishEye - Groups.jpg
          Crowd - Application - FishEye - Groups.jpg
          106 kB

              Unassigned Unassigned
              abromberg Aaron Bromberg (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: