User management limitations

In our prooduction environment, Stash and AD are integrated to manage users.

Are there any limitations with Stash when integrated ? What kind of application maintenance ( clean-up ) needs to be performed when a user is removed ( at the time of leaving the organization ) from AD ?

Please advise. Thanks

2 answers

1 accepted

Hi Shravanakumar,

I'm not quite sure what you mean by limitations? FWIW we use the same embedded version of Crowd that is used by Confluence and JIRA, so most documentation and questions on Answers related to user management are just as applicable to Stash.

But certainly in terms of cleanup you shouldn't need to do anything. One thing to note - we don't remove personal repositories when users are deleted, as they may contain critical data.

I can't think of anything else that might be of interest. Did you have any particular concerns?

Charles

well, we have mail notification hook in stash where users are registered for getting e-mails whenever push happens. So, when a person is removed from AD at the time of leaving the organization, we will clean the user in respective hooks so that mails will not be bounced back to the system.

This was just one instance we came across. Are there any such maintenance activities we need to perform else where in Stash so that we have clean system.

There are some limitations with JIRA when integrated with AD. for example: when a user is removed from AD, we can't search for issues which are owned the user as the user does not exist in JIRA. With reference to this, I was asking, Are there any such limitation with Stash ?

Let me know, if you need additional details.

Sorry for the delay.

It sounds like the notification hook was a custom plugin? Ideally plugins should be listening for UserCleanupEvent and unregistering them at that point. That's certainly what we do internally.

That said, Stash has a slightly different approach to users than Confluence/JIRA, we never completely remove Stash user rows, and so it should always be possible to view data from a deleted user (eg. pull requests).

Let me know if you run into any problems counter to that claim.

But ...

... if a licensed user leaves your organization there is no easy way to free the license within Stash.

(see: https://answers.atlassian.com/questions/195495/freeing-unused-stash-licensesand https://jira.atlassian.com/browse/STASH-3706):Each user eats up a license - the license can not be reused if the user leaves (at least nobody has shown yet a way to allow this)

Hi Johannes,

Thanks for the reminder.

Although, that depends on your definition of "leave". If the user is no longer in your AD directory, or is at least removed from the AD groups that are being used by Stash, then it's not a problem is it? That's what I thought Shravanakumar was asking about.

Charles

As AD is not in my hands (and our AD administration never seems to remove any members from AD), I cannot test, whether the user-license is freed ...

All I see is, that I cannot free unused licenses ...

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

28,229 views 26 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you