Can I restore bamboo_admin global permissions as a root user in Linux? Edited


I'm using Jira for external user and group management in Bamboo Server 6.2.2 and have accidentally removed bamboo_admin from global permissions groups settings.

As a result, I am now unable to administer the application, even though my user is part of the bamboo_admin group defined in Jira.

I am using the internal database (this is for evaluation purposes).

When logged into my Linux machine with root access, is there a way that I can either reset to use local users and groups again so I can fix this, or to somehow re-assign bamboo_admin with global admin permissions?

If not possible with the internal DB, is this possible if using an external DB?

Many thanks,

1 answer

1 accepted

1 vote
Accepted answer

Hey Mike, since you removed the "bamboo-admin" group from the Global Permissions in Bamboo the only way to recover access would be to update the database and add the group back there (or any other user/group to be honest). We usually recommend users to set up an external database as they're easier to access/manage compared to the HSQL db.

You can still perform changes to the HSQL db if you really need to, it's just a little bit more complex/painful:

Either way, if you're just testing things out I'd still recommend you to set up an external db. As to the actual problem. Once you have access to the database, you can use the following query to check what is the ID of the entry for the Global Permission level in the ACL_OBJECT_IDENTITY table:

select ID
where OBJECT_ID_CLASS = '';

This will give you an ID (e.g. 98305).

With that ID in hands you can check if there are any other local groups with Admin access to Bamboo:

select *
where AE.MASK = '16';

Please replace <ID> with the actual ID from the first query. The reason why we need to use that ID number is because this is how we flag that the permission is Global, and not, for example, at the plan level.

You can also check if any other local users have been granted with Admin permission:

select *
join USERS U
where AE.MASK = '16';

Once again, remember to replace <ID> with the actual value. Perhaps someone else has Admin permissions.

If not, the easiest route here would be to just give the "bamboo-admin" group Admin access again. Assuming that a) you have not deleted/removed the group, b) you have not renamed it and c) you still belong to it:

into ACL_ENTRY (id,acl_object_identity,type,sid,ace_order,mask,granting,audit_success,audit_failure)
values ('666666','<ID>','GROUP_PRINCIPAL','bamboo-admin','0','16','t','f','f');

Remember to replace <ID> one more time.

PS 1: You might be wondering what's the deal with that mask 16. This is what defines the level of permission for the Global Permission type in the ACL_OBJECT_IDENTITY table (i.e. 16 = Admin).

PS 2: If you need to switch back to using the internal Bamboo user repository please take a look at the Workaround section here:

Thanks for the detailed response Bruno - I'll take a look!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

142 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you