Support nested groups

Type atlassian
Modified 2017-02-17T05:07:17


{panel:title=Resolved in Confluence 3.5|borderStyle=solid|borderColor=#3C78B5|titleBGColor=#3C78B5|bgColor=#E7F4FA} We are pleased to advise that support for nested groups is available in Confluence 3.5. You can find instructions on how to configure nested groups in our documentation:

  • [Configuring User Directories|]

More information about the great new features available with the release of Confluence 3.5 can be found in [the release notes|]. Thanks for your interest and support of Confluence. {panel}

Currently in Atlassian-user, groups can only include users, not other groups. Support for nested groups would allow groups to contain other groups.

For example, consider the following simplified LDAP records:

dn: cn=sales,ou=groups cn: sales member: cn=salesman,ou=users

dn: cn=staff,ou=groups cn: staff member: cn=ceo,ou=users member: cn=sales,ou=groups

In this example, the group 'sales' is a group containing just a single user, 'salesman'. However, the 'staff' group contains both the user 'ceo' and the group 'sales'.

In Atlassian-user, implementing nested groups would mean that 'salesman' would be a member of both 'sales' and 'staff' in the above scenario. Atlassian-user should also recognise that both users and groups can be members of a group, especially when listing the membership information for a group. (That is, a list of the members of 'staff' should have two entries: an entry for the 'ceo' user and an entry for the 'sales' group. The membership should not automatically be condensed into a list of two users.)

In applications, permissions granted to the 'staff' group should apply to both 'salesman' and 'ceo'. Additionally, any new users added to 'sales' should automatically gain these permissions.