Scriptrunner for Confluence: remove unknown users from space permissions

Patrick van der Rijst
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 14, 2019

The SpacePermissionManager has a method to retrieve a collection of users that have the  VIEWSPACE_PERMISSION but unknown users (deleted via Active Directory for instance) are not retrievable. 

Is there a way to clean these spaces with Scriptrunner? 

1 answer

Suggest an answer

Log in or Sign up to answer
0 votes
Tony Gough [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 29, 2019

Hi Patrick,

As far as I am aware deleted users also have their permissions removed, so they would not be retrievable through the SpacePermissionManager methods.

In what way do you need to clean the spaces?

Kind regards,
Tony

Patrick van der Rijst
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 29, 2019

Hi Tony,

Thanks for taking the time to answer my question.

I've made a script that would add members of a specific group to individual user permissions where that's currently used in space permissions. This to allow space administrators to have a better overview of who can do what within their space.

WIthin this script I'm cleaning up the groups after all the single users have been copied over. I notice that for many spaces that have been created by users that have now left the company, their name is still present as space administrator. Something I'd like to remove with this script as well. 

Like WW likes this
WW
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 3, 2022

Users who are removed from Active Directory, like those who have left a company, retain space permissions.  They are listed as "Unknown user (hisUsername)."

I, too, would like to be able to do a cleanup of these users since they should no longer have permissions to Confluence spaces.

I did find the article: How to get a list of all "Unknown User" in Confluence, but I did not get any results from the query shown.  I used an Unknown user's username, that I found in a space's permissions, in the altered SQL statement below:

SELECT * 
FROM user_mapping as um
INNER JOIN SPACEPERMISSIONS as sp ON um.user_key = sp.PERMUSERNAME
INNER JOIN cwd_user as cu ON um.username = cu.user_name
WHERE um.username = 'hisUsername'

I saw that the user is listed as active='T', credential='nopass', and externalId started with a DirectoryId and a colon.  For example, 12345: looooooonguserkey.

I tried doing a query on credential = 'nopass', but I got some results for users who were active.

I also tried doing a query on INSTR(external_id,':') > 0, but I think external_id and credential might be related to having access in another directory or instance or who knows.

I can't seem to find a field or table join that somehow identifies the users as "Unknown."  If I could figure that out, then I could write a script.  Maybe as soon as I post this reply, I'll find it. ;)

Since your post was a couple of years ago, I'd like to know if you found a solution for this problem.

TAGS
AUG Leaders

Atlassian Community Events