Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can I restore bamboo_admin global permissions as a root user in Linux? Edited

Hi,

I'm using Jira for external user and group management in Bamboo Server 6.2.2 and have accidentally removed bamboo_admin from global permissions groups settings.

As a result, I am now unable to administer the application, even though my user is part of the bamboo_admin group defined in Jira.

I am using the internal database (this is for evaluation purposes).

When logged into my Linux machine with root access, is there a way that I can either reset to use local users and groups again so I can fix this, or to somehow re-assign bamboo_admin with global admin permissions?

If not possible with the internal DB, is this possible if using an external DB?

Many thanks,
Mike.

1 answer

1 accepted

1 vote
Answer accepted

Hey Mike, since you removed the "bamboo-admin" group from the Global Permissions in Bamboo the only way to recover access would be to update the database and add the group back there (or any other user/group to be honest). We usually recommend users to set up an external database as they're easier to access/manage compared to the HSQL db.

You can still perform changes to the HSQL db if you really need to, it's just a little bit more complex/painful:

Either way, if you're just testing things out I'd still recommend you to set up an external db. As to the actual problem. Once you have access to the database, you can use the following query to check what is the ID of the entry for the Global Permission level in the ACL_OBJECT_IDENTITY table:

select ID
from ACL_OBJECT_IDENTITY
where OBJECT_ID_CLASS = 'com.atlassian.bamboo.security.GlobalApplicationSecureObject';

This will give you an ID (e.g. 98305).

With that ID in hands you can check if there are any other local groups with Admin access to Bamboo:

select *
from ACL_ENTRY AE
join GROUPS G
on AE.SID = G.GROUPNAME
and AE.ACL_OBJECT_IDENTITY = '<ID>'
where AE.MASK = '16';

Please replace <ID> with the actual ID from the first query. The reason why we need to use that ID number is because this is how we flag that the permission is Global, and not, for example, at the plan level.

You can also check if any other local users have been granted with Admin permission:

select *
from ACL_ENTRY AE
join USERS U
on AE.SID = U.NAME
and AE.ACL_OBJECT_IDENTITY = '<ID>'
where AE.MASK = '16';

Once again, remember to replace <ID> with the actual value. Perhaps someone else has Admin permissions.

If not, the easiest route here would be to just give the "bamboo-admin" group Admin access again. Assuming that a) you have not deleted/removed the group, b) you have not renamed it and c) you still belong to it:

insert 
into ACL_ENTRY (id,acl_object_identity,type,sid,ace_order,mask,granting,audit_success,audit_failure)
values ('666666','<ID>','GROUP_PRINCIPAL','bamboo-admin','0','16','t','f','f');

Remember to replace <ID> one more time.

PS 1: You might be wondering what's the deal with that mask 16. This is what defines the level of permission for the Global Permission type in the ACL_OBJECT_IDENTITY table (i.e. 16 = Admin).

PS 2: If you need to switch back to using the internal Bamboo user repository please take a look at the Workaround section here: https://confluence.atlassian.com/bamkb/bamboo-lost-connection-to-the-external-user-directory-preventing-users-from-logging-in-678691207.html

Thanks for the detailed response Bruno - I'll take a look!

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.1 is here and is packed with value!

I'm happy to announce that Bamboo 7.1 has been released and it’s overflowing with awesome new features. Top-voted issues First and foremost, a bunch of JAC top voted issues has been delivered - y...

673 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you