709e413e46
While for role memberships, it is true that they are only applied for _direct_ memberships, this does not appear to be the case for attributes (which is good as this also follows the "Hierarchy" system documented in the same file). In terms of the implementation, this is the case due to the call to `all_groups()` in3d5a189fa7/authentik/core/models.py (L312-L313), introduced in https://github.com/goauthentik/authentik/pull/6017. Looking through the files in there, it is clear that this line in the documentation is from before that point:95e60a035d/website/docs/user-group/group.md (L15). tl;dr: the documentation was correct before #6017, but is now out of date. This change fixes that. Signed-off-by: Zuri Klaschka <pklaschka@users.noreply.github.com>
17 lines
478 B
Plaintext
17 lines
478 B
Plaintext
---
|
|
title: About groups
|
|
description: Learn about groups in authentik
|
|
---
|
|
|
|
## Hierarchy
|
|
|
|
Groups can be children of another group. Members of children groups are effective members of the parent group.
|
|
|
|
When you bind a group to an application or flow, any members of any child group of the selected group will have access.
|
|
|
|
Recursion is limited to 20 levels to prevent deadlocks.
|
|
|
|
## Attributes
|
|
|
|
Attributes of groups are recursively merged, for all groups the user is a member of.
|