Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,467,419
Community Members
 
Community Events
177
Community Groups

Scriptrunner for Confluence: remove unknown users from space permissions

The SpacePermissionManager has a method to retrieve a collection of users that have the  VIEWSPACE_PERMISSION but unknown users (deleted via Active Directory for instance) are not retrievable. 

Is there a way to clean these spaces with Scriptrunner? 

1 answer

Hi Patrick,

As far as I am aware deleted users also have their permissions removed, so they would not be retrievable through the SpacePermissionManager methods.

In what way do you need to clean the spaces?

Kind regards,
Tony

Hi Tony,

Thanks for taking the time to answer my question.

I've made a script that would add members of a specific group to individual user permissions where that's currently used in space permissions. This to allow space administrators to have a better overview of who can do what within their space.

WIthin this script I'm cleaning up the groups after all the single users have been copied over. I notice that for many spaces that have been created by users that have now left the company, their name is still present as space administrator. Something I'd like to remove with this script as well. 

Like WW likes this
WW Rising Star Jan 03, 2022

Users who are removed from Active Directory, like those who have left a company, retain space permissions.  They are listed as "Unknown user (hisUsername)."

I, too, would like to be able to do a cleanup of these users since they should no longer have permissions to Confluence spaces.

I did find the article: How to get a list of all "Unknown User" in Confluence, but I did not get any results from the query shown.  I used an Unknown user's username, that I found in a space's permissions, in the altered SQL statement below:

SELECT * 
FROM user_mapping as um
INNER JOIN SPACEPERMISSIONS as sp ON um.user_key = sp.PERMUSERNAME
INNER JOIN cwd_user as cu ON um.username = cu.user_name
WHERE um.username = 'hisUsername'

I saw that the user is listed as active='T', credential='nopass', and externalId started with a DirectoryId and a colon.  For example, 12345: looooooonguserkey.

I tried doing a query on credential = 'nopass', but I got some results for users who were active.

I also tried doing a query on INSTR(external_id,':') > 0, but I think external_id and credential might be related to having access in another directory or instance or who knows.

I can't seem to find a field or table join that somehow identifies the users as "Unknown."  If I could figure that out, then I could write a script.  Maybe as soon as I post this reply, I'll find it. ;)

Since your post was a couple of years ago, I'd like to know if you found a solution for this problem.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events