Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to stop editing group memberships on Bamboo

Tero Laihia
Tero Laihia December 6, 2017

We have Confluence (6.2.4), Jira (7.4.0), Bitbucket (5.2.0) and Bamboo (6.0.3). All are using Jira as base user directory for all users and groups.

In Confluence we can allow user to have admin rights but he can't edit group memberships.

Same in Bitbucket, a bitbucket-admin level user can't edit group memberships.

But in Bamboo user with bamboo-admin level permissions can edit group memberships inside Bamboo. He can insert himself to all groups found from Jira. And when all user directories have been syncronized, he has gained full access to everything everywhere.

Why is Bamboo not using read-only user directory, or is there a way to block this behaviour in Bamboo, or has there been update to address this somewhere between 6.0.3 to 6.2.3?

Answer
Watch
Like Be the first to like this
527 views

1 answer

1 accepted

1 vote
Answer accepted
robhit
robhit
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 7, 2017

Hi Tero,

 

Yes, you can achieve it in Bamboo. Go to "Bamboo Administration >> Security Settings (Under SECURITY)" and enable the option "Read-only external user management?".

 

Thanks!

View More Comments
Tero Laihia
Tero Laihia December 7, 2017

Great, thanks for answer!

The only problem now is that "Read-only external user management?" option is currently disabled, ie it is only showing red stop sign over it, and it can't be selected/deselected at all. Any way to override that, maybe from some xml file?

Like
robhit
robhit
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 7, 2017

Did you click on the "Edit" button (available down on the same page) first?

Like
Tero Laihia
Tero Laihia December 7, 2017

Nope i did not because my brains apparently read that as a "Save" button due to its location. Thanks, that worked.

Admins can of course always turn that off again, make group changes and do the user directory synch.

But that could be fixed using Restricted Administrator Role found from same options. Once we assigned only that role to our old admin-level users, they manage to configure bamboo in needed way and can't edit the user groups any more.

Thanks for answers and pointing us to obvious road!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events