Instance health - Internal administrator user error - I have an internal admin account

Jonathan Smith
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 24, 2018

Hi all,

  Confluence thinks I don't have an internal admin user, but I do have one... This is the only account in the internal directory. Any idea how I can get Confluence to recognize the admin account so I can make my health check happy?

Result

Confluence has an enabled internal user directory, however its administrator account does not exist or is disabled


3 answers

2 accepted

4 votes
Answer accepted
Jonathan Smith
Rising Star
May 15, 2018

@Alfredo Negrete 

  1. Navigate to global permissions
  2. Add your admin account to the individual users section.

André Lundin November 24, 2019

This is the only solution that worked for us.

2 votes
Answer accepted
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 2, 2018

For Jonathan, the workaround was to explicitly add the internal admin to the System administrator and Confluence administrator permissions in Confluence Admin > Global permissions. That made the internal admin pass the health check.

Since the Confluence-administrators group from LDAP was in the global permissions, somehow confluence-administrators was not being seen by the health check as a super group so the members were not considered internal admins. I have opened a ticket internally to address either the documentation or the health check, since there is a discrepancy in the behavior versus the doc.

Alfredo Negrete May 15, 2018

I'm getting the same error...I'm not following what you did to fix the issue.

0 votes
AnnWorley
Atlassian Team
April 24, 2018

Hi Jonathan,

Please make sure the internal admin user is a member of the confluence-administrators group as that membership makes the account a super user, as mentioned in Confluence Admin Permission Levels Explained:

The confluence-administrators group defines a set of "super users" who can access the Administration Console and perform site-wide administration. Members of this group can also see the content of all pages and spaces in the Confluence instance, regardless of space permissions.

I look forward to hearing whether the internal admin is an admin or just internal. ;)

Thanks,

Ann

Jonathan Smith
Rising Star
April 25, 2018

For the admin account:

  • Directory = Internal
  • Group membership = confluence-administrators and confluence-users

Notes:

  • My User Directory configuration has Active Directory on top of Internal Directory.
  • We have an AD group called Confluence-administrators. Confluence-administrators is added in the global permissions.
  • Local group = confluence-administrators
  • I found groups to be case sensitive during group name changes in AD.

Assumptions:

AD is trumping Internal directory. Internal directory groups kick in when I manually log in as admin (because I can do sys admin content with this account).

I can't add confluence-administrators to global permissions because the AD one is named the same.

Thoughts on a potential fix?

Rename the AD Confluence-administrators group to something different. See if I can then add the local confluence-administrators group to global permissions?

I am not sure if local groups will pop in the group selection since AD is on top of local directory.

AnnWorley
Atlassian Team
April 25, 2018

Based on Comparing the confluence-administrators group with the administrator permissions, if the admin account is part of the confluence-administrators local group, the health check should not be failing:

You can't change the global permissions granted to the confluence-administrators group. If you don't want your admins to be able to see all spaces and restricted pages, you can create a new group, and grant that group the Confluence administrator and system administrator global permissions.

So that we can take a closer look at your logs and configuration files I have opened a support request on your behalf. After it is resolved we can circle back to update this thread.
