Attempts to remove a user from confluence-users (he no longer works here), provides error: "Could not remove user 'jfkxxxx' as a member of group 'confluence-users'. Check your server logs for more information. We're running server locally, with LDAP integration but this is a local group (not an AD group).

Checking var/atlassian/application-data/confluence/logs/atlassian-confluence.log gives me this error:

2019-09-17 08:53:57,111 INFO [read-only-transaction:thread-1] [atlassian.confluence.user.DefaultUserAccessor] getUserNamesWithConfluenceAccess Found USE permission with no associated username or group:
[USECONFLUENCE,0,null,null,null] 2019-09-17 08:54:06,500 ERROR [http-nio-8090-exec-5] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'jfkxxxx' as a member of 'confluence-users'
-- referer: https://cmsconfluence.generalcode.com/admin/users/domembersofgroupsearch.action?membersOfGroupTerm=confluence-users | url: /admin/users/removeuserfromgroup.action | traceId: ab4502985c5e5597 | userName:
lgraham | action: removeuserfromgroup com.atlassian.user.EntityException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: At least one
directory containing jfkxxxx as a member of confluence-users does not have write permission