Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Scriptrunner for Confluence: remove unknown users from space permissions

The SpacePermissionManager has a method to retrieve a collection of users that have the  VIEWSPACE_PERMISSION but unknown users (deleted via Active Directory for instance) are not retrievable. 

Is there a way to clean these spaces with Scriptrunner? 

1 answer

Hi Patrick,

As far as I am aware deleted users also have their permissions removed, so they would not be retrievable through the SpacePermissionManager methods.

In what way do you need to clean the spaces?

Kind regards,
Tony

Hi Tony,

Thanks for taking the time to answer my question.

I've made a script that would add members of a specific group to individual user permissions where that's currently used in space permissions. This to allow space administrators to have a better overview of who can do what within their space.

WIthin this script I'm cleaning up the groups after all the single users have been copied over. I notice that for many spaces that have been created by users that have now left the company, their name is still present as space administrator. Something I'd like to remove with this script as well. 

Like WW likes this

Users who are removed from Active Directory, like those who have left a company, retain space permissions.  They are listed as "Unknown user (hisUsername)."

I, too, would like to be able to do a cleanup of these users since they should no longer have permissions to Confluence spaces.

I did find the article: How to get a list of all "Unknown User" in Confluence, but I did not get any results from the query shown.  I used an Unknown user's username, that I found in a space's permissions, in the altered SQL statement below:

SELECT * 
FROM user_mapping as um
INNER JOIN SPACEPERMISSIONS as sp ON um.user_key = sp.PERMUSERNAME
INNER JOIN cwd_user as cu ON um.username = cu.user_name
WHERE um.username = 'hisUsername'

I saw that the user is listed as active='T', credential='nopass', and externalId started with a DirectoryId and a colon.  For example, 12345: looooooonguserkey.

I tried doing a query on credential = 'nopass', but I got some results for users who were active.

I also tried doing a query on INSTR(external_id,':') > 0, but I think external_id and credential might be related to having access in another directory or instance or who knows.

I can't seem to find a field or table join that somehow identifies the users as "Unknown."  If I could figure that out, then I could write a script.  Maybe as soon as I post this reply, I'll find it. ;)

Since your post was a couple of years ago, I'd like to know if you found a solution for this problem.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Do you use Jira Cloud with Microsoft Teams?

Hi, Jira users! Do you use Jira alongside Microsoft Teams? We want to hear how you’ve used the power of Jira Cloud and Microsoft Teams (via the Jira Cloud for Microsoft Teams app) to achieve a team...

236 views 1 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you