Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Instance health - Internal administrator user error - I have an internal admin account

Jonathan Smith Community Leader Apr 24, 2018

Hi all,

  Confluence thinks I don't have an internal admin user, but I do have one... This is the only account in the internal directory. Any idea how I can get Confluence to recognize the admin account so I can make my health check happy?

Result

Confluence has an enabled internal user directory, however its administrator account does not exist or is disabled

adminpic.jpg

 

3 answers

2 accepted

3 votes
Answer accepted
Jonathan Smith Community Leader May 15, 2018

@Alfredo Negrete 

  1. Navigate to global permissions
  2. Add your admin account to the individual users section.

admin.jpg

This is the only solution that worked for us.

1 vote
Answer accepted
AnnWorley Atlassian Team May 02, 2018

For Jonathan, the workaround was to explicitly add the internal admin to the System administrator and Confluence administrator permissions in Confluence Admin>Global permissions. That made the internal admin pass the health check.

Since the Confluence-administrators group from LDAP was in the global permissions, somehow confluence-administrators was not being seen by the health check as a super group so the members were not considered internal admins. I have opened a ticket internally to address either the documentation or the health check, since there is a discrepancy in the behavior versus the doc.

I'm getting the same error...I'm not following what you did to fix the issue.

0 votes
AnnWorley Atlassian Team Apr 24, 2018

Hi Jonathan,

Please make sure the internal admin user is a member of the confluence-administrators group as that membership makes the account a super user, as mentioned in Confluence Admin Permission Levels Explained:

The confluence-administrators group defines a set of "super users" who can access the Administration Console and perform site-wide administration. Members of this group can also see the content of all pages and spaces in the Confluence instance, regardless of space permissions.

I look forward to hearing whether the internal admin is an admin or just internal. ;)

Thanks,

Ann

Jonathan Smith Community Leader Apr 25, 2018

For the admin account:

  • Directory = Internal
  • Group membership = confluence-administrators and confluence-users

Notes:

  • My User Directory configuration has Active Directory on top of Internal Directory.
  • We have an AD group called Confluence-administrators. Confluence-administrators is added in the global permissions.
  • Local group = confluence-administrators
  • I found groups to be case sensitive during group name changes in AD.

Assumptions:

AD is trumping Internal directory. Internal directory groups kick in when I manually log in as admin (because I can do sys admin content with this account).

I can't add confluence-administrators to global permissions because the AD one is named the same.

Thoughts on a potential fix?

Rename the AD Confluence-administrators group to something different. See if I can then add the local confluence-administrators group to global permissions?

I am not sure if local groups will pop in the group selection since AD is on top of local directory.

AnnWorley Atlassian Team Apr 25, 2018

Based on Comparing the confluence-administrators group with the administrator permissions, if the admin account is part of the confluence-administrators local group, the health check should not be failing:

You can't change the global permissions granted to the confluence-administrators group. If you don't want your admins to be able to see all spaces and restricted pages, you can create a new group, and grant that group the Confluence administrator and system administrator global permissions.

So that we can take a closer look at your logs and configuration files I have opened a support request on your behalf. After it is resolved we can circle back to update this thread.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

402 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you