If the creation or conversion does not work, you may check if every user directory is available. The Space Privacy Plugin uses a Confluence mechanism, which requires a valid connection to all user directories. As a workaround you may disable the broken user directory temporarily.
Required user directory permissions
The Space Privacy plugin requires special user directory permissions to assign users to an Extranet Space.
In the Space Privacy standard permission concept, every extranet user (assigned or created) has to be added to certain groups. This means, if the user directory of a user does not permit to add, modify and remove groups the user can't be added and an error message will be shown.
Check user directory permission
After installing Space Privacy 2.0 you will get a message, which shows the status of your user directories. By clicking the link 'Check user directory permissions' or opening '<base-url>/admin/plugins/extranet/cleanup/overview.action#user-directory-permissions' you'll see a detailed overview of your user directories and if they are compatible with Space Privacy.
You'll either get
- a success message, if every user directory grants the required permissions
- a warning, if not all user directories grant the required permissions (see screenshot)
- an error, if no user directory grants the required permissions at all
Every user directory grants the required permissions
Congratulations, Space Privacy will work as expected!
Not all user directories grant the required permissions
This must not to be a problem in principle. As long as you only assign users from "writable" user directories, Space Privacy works fine. If you allow to create extranet users, make sure the newly created users won't be also stored in a "read only" directory.
If you experince problems assigning or creating extranet users, which might relate to user directory problems, have a look at the next section.
No user directory grants the required permissions at all
With this configuration Space Privacy will not work by default.
There are two options to fix this:
- Change the permissions of the user directories, which are marked as 'read only' (next section)
- Change the permission concept to 'single permissions'
Change User Directoy Permissions
As seen in the previous section, we added a check that tests every assigned user directory and gives you detailed information about their state. So depending on your user directory you have grant the group permissions.
You find more information about user directories here: Configuring User Directories
Confluence Internal Directory
This is the very basic directory of Confluence and it is not recommended by Atlassian to disable it. Nevertheless, if enabled, this user directory is never a problem with Space Privacy, as it always grants the required permissions.
If there's a LDAP connected to your Confluence, you should edit the directory and set the 'Read only, with Local Groups' options. By default 'Read Only' is set.
Please notice, that this option is not necessary if you use "Internal with LDAP-Authentication".
Jira Servers / Crowd
For Jira Servers or Atlassian Crowd there’s no option “Read Only, with Local Groups”. In this case the configuration consists of 2 steps.
Firstly the option “Read/Write” has to be set for the user directory (Jira server or Atlassian Crowd). Secondly the option “Read Only, with Local Groups” has to be configured in the tethered user directory.
Allow local groups
Add group permissions (add, modify and remove)
- No labels