Can I restore bamboo_admin global permissions as a root user in Linux? Edited

Hi,

I'm using Jira for external user and group management in Bamboo Server 6.2.2 and have accidentally removed bamboo_admin from global permissions groups settings.

As a result, I am now unable to administer the application, even though my user is part of the bamboo_admin group defined in Jira.

I am using the internal database (this is for evaluation purposes).

When logged into my Linux machine with root access, is there a way that I can either reset to use local users and groups again so I can fix this, or to somehow re-assign bamboo_admin with global admin permissions?

If not possible with the internal DB, is this possible if using an external DB?

Many thanks,
Mike.

1 answer

1 accepted

Hey Mike, since you removed the "bamboo-admin" group from the Global Permissions in Bamboo the only way to recover access would be to update the database and add the group back there (or any other user/group to be honest). We usually recommend users to set up an external database as they're easier to access/manage compared to the HSQL db.

You can still perform changes to the HSQL db if you really need to, it's just a little bit more complex/painful:

Either way, if you're just testing things out I'd still recommend you to set up an external db. As to the actual problem. Once you have access to the database, you can use the following query to check what is the ID of the entry for the Global Permission level in the ACL_OBJECT_IDENTITY table:

select ID
from ACL_OBJECT_IDENTITY
where OBJECT_ID_CLASS = 'com.atlassian.bamboo.security.GlobalApplicationSecureObject';

This will give you an ID (e.g. 98305).

With that ID in hands you can check if there are any other local groups with Admin access to Bamboo:

select *
from ACL_ENTRY AE
join GROUPS G
on AE.SID = G.GROUPNAME
and AE.ACL_OBJECT_IDENTITY = '<ID>'
where AE.MASK = '16';

Please replace <ID> with the actual ID from the first query. The reason why we need to use that ID number is because this is how we flag that the permission is Global, and not, for example, at the plan level.

You can also check if any other local users have been granted with Admin permission:

select *
from ACL_ENTRY AE
join USERS U
on AE.SID = U.NAME
and AE.ACL_OBJECT_IDENTITY = '<ID>'
where AE.MASK = '16';

Once again, remember to replace <ID> with the actual value. Perhaps someone else has Admin permissions.

If not, the easiest route here would be to just give the "bamboo-admin" group Admin access again. Assuming that a) you have not deleted/removed the group, b) you have not renamed it and c) you still belong to it:

insert 
into ACL_ENTRY (id,acl_object_identity,type,sid,ace_order,mask,granting,audit_success,audit_failure)
values ('666666','<ID>','GROUP_PRINCIPAL','bamboo-admin','0','16','t','f','f');

Remember to replace <ID> one more time.

PS 1: You might be wondering what's the deal with that mask 16. This is what defines the level of permission for the Global Permission type in the ACL_OBJECT_IDENTITY table (i.e. 16 = Admin).

PS 2: If you need to switch back to using the internal Bamboo user repository please take a look at the Workaround section here: https://confluence.atlassian.com/bamkb/bamboo-lost-connection-to-the-external-user-directory-preventing-users-from-logging-in-678691207.html

Thanks for the detailed response Bruno - I'll take a look!

Suggest an answer

Log in or Join to answer
Community showcase
Renan Battaglin
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,096 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot