You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I've been asked to look at Crowd to replace our current access control mechanism.
I'm having some trouble getting my head around how we can use Crowd to meet our requirements so would appreciate some advice about how to model this in Crowd.
Our current access control is based on a matrix of groups, users and permissions. We have 5,000 users about 1,000 groups and each group has 7 permissions; ADMIN, MANAGE, FWD, RWD, TYPE, VIEW, READONLY. The ADMIN permission is special as it means this user can add/change/remove users in this group, all the other permissions are meaningful to what our application allows users to do.
So for example, for GROUP_999:
These users can also have different permissions on other groups too.
Crowd seems to allow use to manage users and groups but does not seems to allow us the level we need for what we’re calling permissions. I can see that we could create 7 groups for each of our application groups (GROUP_999_ADMIN, GROUP_999_MANAGE, GROUP_999_FWD, etc) but that seems clunky.
Crowd does not provide permissions to applications. Crowd is a user, group and memberships which are then sycned to the applications linked to it. It is up to the applications that link to Crowd to apply the permissions.
Thanks for the quick answer, I suspected as much & good to know I wasn't missing something.
So to confirm my understanding, using the example above, I can use Crowd to lookup user/principle Bob and see that he belongs to the group GROUP_999.
But then it is up to my application to determine what Bob is allowed to do in GROUP_999.