Can I restore bamboo_admin global permissions as a root user in Linux? Edited


I'm using Jira for external user and group management in Bamboo Server 6.2.2 and have accidentally removed bamboo_admin from global permissions groups settings.

As a result, I am now unable to administer the application, even though my user is part of the bamboo_admin group defined in Jira.

I am using the internal database (this is for evaluation purposes).

When logged into my Linux machine with root access, is there a way that I can either reset to use local users and groups again so I can fix this, or to somehow re-assign bamboo_admin with global admin permissions?

If not possible with the internal DB, is this possible if using an external DB?

Many thanks,

1 answer

1 accepted

This widget could not be displayed.

Hey Mike, since you removed the "bamboo-admin" group from the Global Permissions in Bamboo the only way to recover access would be to update the database and add the group back there (or any other user/group to be honest). We usually recommend users to set up an external database as they're easier to access/manage compared to the HSQL db.

You can still perform changes to the HSQL db if you really need to, it's just a little bit more complex/painful:

Either way, if you're just testing things out I'd still recommend you to set up an external db. As to the actual problem. Once you have access to the database, you can use the following query to check what is the ID of the entry for the Global Permission level in the ACL_OBJECT_IDENTITY table:

select ID
where OBJECT_ID_CLASS = '';

This will give you an ID (e.g. 98305).

With that ID in hands you can check if there are any other local groups with Admin access to Bamboo:

select *
where AE.MASK = '16';

Please replace <ID> with the actual ID from the first query. The reason why we need to use that ID number is because this is how we flag that the permission is Global, and not, for example, at the plan level.

You can also check if any other local users have been granted with Admin permission:

select *
join USERS U
where AE.MASK = '16';

Once again, remember to replace <ID> with the actual value. Perhaps someone else has Admin permissions.

If not, the easiest route here would be to just give the "bamboo-admin" group Admin access again. Assuming that a) you have not deleted/removed the group, b) you have not renamed it and c) you still belong to it:

into ACL_ENTRY (id,acl_object_identity,type,sid,ace_order,mask,granting,audit_success,audit_failure)
values ('666666','<ID>','GROUP_PRINCIPAL','bamboo-admin','0','16','t','f','f');

Remember to replace <ID> one more time.

PS 1: You might be wondering what's the deal with that mask 16. This is what defines the level of permission for the Global Permission type in the ACL_OBJECT_IDENTITY table (i.e. 16 = Admin).

PS 2: If you need to switch back to using the internal Bamboo user repository please take a look at the Workaround section here:

Thanks for the detailed response Bruno - I'll take a look!

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Published 6 hours ago in Marketplace Apps

The 7 hacks of highly successful automation

...there's anything I've learnt from working, it's that people are lazy! No offense to anyone reading this, but it's true and we can all admit it. The easier you make something for someone, the more...

39 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you