The SpacePermissionManager has a method to retrieve a collection of users that have the VIEWSPACE_PERMISSION but unknown users (deleted via Active Directory for instance) are not retrievable.
Is there a way to clean these spaces with Scriptrunner?
Hi Patrick,
As far as I am aware deleted users also have their permissions removed, so they would not be retrievable through the SpacePermissionManager methods.
In what way do you need to clean the spaces?
Kind regards,
Tony
Hi Tony,
Thanks for taking the time to answer my question.
I've made a script that would add members of a specific group to individual user permissions where that's currently used in space permissions. This to allow space administrators to have a better overview of who can do what within their space.
WIthin this script I'm cleaning up the groups after all the single users have been copied over. I notice that for many spaces that have been created by users that have now left the company, their name is still present as space administrator. Something I'd like to remove with this script as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Users who are removed from Active Directory, like those who have left a company, retain space permissions. They are listed as "Unknown user (hisUsername)."
I, too, would like to be able to do a cleanup of these users since they should no longer have permissions to Confluence spaces.
I did find the article: How to get a list of all "Unknown User" in Confluence, but I did not get any results from the query shown. I used an Unknown user's username, that I found in a space's permissions, in the altered SQL statement below:
SELECT *
FROM user_mapping as um
INNER JOIN SPACEPERMISSIONS as sp ON um.user_key = sp.PERMUSERNAME
INNER JOIN cwd_user as cu ON um.username = cu.user_name
WHERE um.username = 'hisUsername'
I saw that the user is listed as active='T', credential='nopass', and externalId started with a DirectoryId and a colon. For example, 12345: looooooonguserkey.
I tried doing a query on credential = 'nopass', but I got some results for users who were active.
I also tried doing a query on INSTR(external_id,':') > 0, but I think external_id and credential might be related to having access in another directory or instance or who knows.
I can't seem to find a field or table join that somehow identifies the users as "Unknown." If I could figure that out, then I could write a script. Maybe as soon as I post this reply, I'll find it. ;)
Since your post was a couple of years ago, I'd like to know if you found a solution for this problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.