Child pages
  • Administration Guide 2.0 - User Directory Configuration
Skip to end of metadata
Go to start of metadata

See the documentation for your Release

The root page Space Privacy - Extranet for Confluence - Documentation could not be found in space Atlassian.

Table of Contents

If the creation or conversion does not work, you may check if every user directory is available. The Space Privacy Plugin uses a Confluence mechanism, which requires a valid connection to all user directories. As a workaround you may disable the broken user directory temporarily.

Required user directory permissions

The Space Privacy plugin requires special user directory permissions to assign users to an Extranet Space.

In the Space Privacy standard permission concept, every extranet user (assigned or created) has to be added to certain groups. This means, if the user directory of a user does not permit to add, modify and remove groups the user can't be added and an error message will be shown.


Check user directory permission

After installing Space Privacy 2.0 you will get a message, which shows the status of your user directories. By clicking the link 'Check user directory permissions' or opening '<base-url>/admin/plugins/extranet/cleanup/overview.action#user-directory-permissions' you'll see a detailed overview of your user directories and if they are compatible with Space Privacy.

You'll either get

  1. (tick) a success message, if every user directory grants the required permissions
  2. (warning) a warning, if not all user directories grant the required permissions (see screenshot)
  3. (error) an error, if no user directory grants the required permissions at all


Every user directory grants the required permissions

Congratulations, Space Privacy will work as expected!

Not all user directories grant the required permissions

This must not to be a problem in principle. As long as you only assign users from "writable" user directories, Space Privacy works fine. If you allow to create extranet users, make sure the newly created users won't be also stored in a "read only" directory.

If you experince problems assigning or creating extranet users, which might relate to user directory problems, have a look at the next section.

No user directory grants the required permissions at all

With this configuration Space Privacy will not work by default.

There are two options to fix this:

  • Change the permissions of the user directories, which are marked as 'read only' (next section)
  • Change the permission concept to 'single permissions'

Change User Directoy Permissions

As seen in the previous section, we added a check that tests every assigned user directory and gives you detailed information about their state. So depending on your user directory you have grant the group permissions.

You find more information about user directories here: Configuring User Directories

Confluence Internal Directory

This is the very basic directory of Confluence and it is not recommended by Atlassian to disable it. Nevertheless, if enabled, this user directory is never a problem with Space Privacy, as it always grants the required permissions.


LDAP

If there's a LDAP connected to your Confluence, you should edit the directory and set the 'Read only, with Local Groups' options. By default 'Read Only' is set.

Please notice, that this option is not necessary if you use "Internal with LDAP-Authentication".

Jira Servers / Crowd

For Jira Servers or Atlassian Crowd there’s no option “Read Only, with Local Groups”. In this case the configuration consists of 2 steps.

Confluence

Firstly the option “Read/Write” has to be set for the user directory (Jira server or Atlassian Crowd). Secondly the option “Read Only, with Local Groups” has to be configured in the tethered user directory.

Crowd

Allow local groups


Add group permissions (add, modify and remove)

  • No labels