Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Remove user from Organization with ScriptRunner automation rule

I don't have much experience with scripting so I want to ask if anyone has set up ScriptRunner automation rule for removing users from an organization or can recommend some approach.

3 answers

1 accepted

0 votes
Answer accepted
Hana Kučerová Community Leader Jan 13, 2021

Hi @Brad Butchers ,

would you please provide more information? What is your situation and why and under which circumstances do you need to do such a thing?

Hi Hana,

The situation is if people leave a company they can complete a certain request type and it will automatically remove them from the organization

Cheers

Brad

Hana Kučerová Community Leader Jan 16, 2021

Hi @Brad Butchers ,

you can send DELETE request to the Service Management's API. Even though it is experimental, it worked for me, I just needed to provide additional header:

X-ExperimentalApi: opt-in

It is not clear from the documentation, but you need to provide list of usernames, which you want to remove from the organization. So the request body is the same as when you are adding users to the organization, something like:

{
"usernames": [
"username1",
"username2",
"username3"
]
}

Example of how to send request can be found here.

Excellent thanks, what would the script look like thought? I'm new to the groovy/java scripting for script runner but i did run these through postman and they work for me too.

For an automation rue to work firstly I would need to know how to get the username from a custom field to use as the user to remove. How would I do this?

Second would be to get the organization that user belongs too. How would I do this too?

Cheers

Brad

Hana Kučerová Community Leader Jan 18, 2021

Hi @Brad Butchers ,

so, just to be sure - user, who should be deleted, creates the request for himself or somebody requests for him? I ask, because I want to know, if we can use field Reporter or we will work with some custom field with type User Picker (Single User).

When the user should be removed? Immediately after the issue is created or during some transition or ... ?

Thank you.

Hi Hana,

someone request for them, and immediately after the request is created it would run the rule.

Thanks

Hana Kučerová Community Leader Jan 19, 2021

Hi @Brad Butchers ,

here is the code for the post function. Be aware that the user removal is performed under the logged in user, who has created the issue (so he needs to be Service Management Agent). It can be easily changed to some specific user. You also need to replace 12345 with id of your user picker custom field.

The script simply takes the user from the custom field and look, if there's organization with this user. If so, the script removes him from this organization.

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.CustomFieldManager
import com.atlassian.jira.issue.MutableIssue
import com.atlassian.jira.issue.fields.CustomField
import com.atlassian.jira.project.Project
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.servicedesk.api.organization.CustomerOrganization
import com.atlassian.servicedesk.api.organization.OrganizationsQuery
import com.atlassian.servicedesk.api.organization.OrganizationService
import com.atlassian.servicedesk.api.organization.UsersInOrganizationQuery
import com.atlassian.servicedesk.api.organization.UsersOrganizationUpdateParameters
import com.atlassian.servicedesk.api.ServiceDesk
import com.atlassian.servicedesk.api.ServiceDeskManager
import com.onresolve.scriptrunner.runner.customisers.PluginModule
import com.onresolve.scriptrunner.runner.customisers.WithPlugin

@WithPlugin("com.atlassian.servicedesk")

@PluginModule
ServiceDeskManager serviceDeskManager

@PluginModule
OrganizationService organizationService

final Integer USER_CUSTOM_FIELD_ID = 12345

MutableIssue issue = issue
Project project = issue.getProjectObject()

ApplicationUser loggedInUser = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()

CustomFieldManager customFieldManager = ComponentAccessor.getCustomFieldManager()
CustomField customField = customFieldManager.getCustomFieldObject(USER_CUSTOM_FIELD_ID)
ApplicationUser userToRemove = issue.getCustomFieldValue(customField) as ApplicationUser

ServiceDesk serviceDeskProject = serviceDeskManager.getServiceDeskForProject(project)
Integer serviceDeskProjectId = serviceDeskProject.getId()

OrganizationsQuery organizationsQuery = organizationService.newOrganizationsQueryBuilder().serviceDeskId(serviceDeskProjectId).build()
List<CustomerOrganization> organizations = organizationService.getOrganizations(loggedInUser, organizationsQuery)?.getResults()

organizations.each {CustomerOrganization customerOrganization ->
UsersInOrganizationQuery usersInOrganizationQuery = organizationService.newUsersInOrganizationQuery().
customerOrganization(customerOrganization)
.build()
ApplicationUser foundUser = organizationService.getUsersInOrganization(loggedInUser, usersInOrganizationQuery).find{ ApplicationUser userInOrganization ->
userInOrganization.getKey() == userToRemove.getKey()
} as ApplicationUser
if (foundUser) {
Set<ApplicationUser> users = [foundUser].toSet()
UsersOrganizationUpdateParameters usersOrganizationUpdateParameters = organizationService.newUsersOrganizationUpdateParametersBuilder()
.organization(customerOrganization)
.users(users)
.build()
organizationService.removeUsersFromOrganization(loggedInUser, usersOrganizationUpdateParameters)
}
}

Thanks so much Hana, greatly appreciated. I will do some testing today :)

Hi Hana,

In regards to;

"Be aware that the user removal is performed under the logged in user, who has created the issue (so he needs to be Service Management Agent). It can be easily changed to some specific user."

Where would I add the system account that would do this for the permissions?

i would have to change below?

ApplicationUser loggedInUser = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser()
Hana Kučerová Community Leader Jan 26, 2021

Hi @Brad Butchers ,

I'm sorry, I missed the notification. You can change it like this:

import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.CustomFieldManager
import com.atlassian.jira.issue.MutableIssue
import com.atlassian.jira.issue.fields.CustomField
import com.atlassian.jira.project.Project
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.util.UserManager
import com.atlassian.servicedesk.api.organization.CustomerOrganization
import com.atlassian.servicedesk.api.organization.OrganizationsQuery
import com.atlassian.servicedesk.api.organization.OrganizationService
import com.atlassian.servicedesk.api.organization.UsersInOrganizationQuery
import com.atlassian.servicedesk.api.organization.UsersOrganizationUpdateParameters
import com.atlassian.servicedesk.api.ServiceDesk
import com.atlassian.servicedesk.api.ServiceDeskManager
import com.onresolve.scriptrunner.runner.customisers.PluginModule
import com.onresolve.scriptrunner.runner.customisers.WithPlugin

@WithPlugin("com.atlassian.servicedesk")

@PluginModule
ServiceDeskManager serviceDeskManager

@PluginModule
OrganizationService organizationService

final Integer USER_CUSTOM_FIELD_ID = 12345
final String USER_KEY = "userkey"

MutableIssue issue = issue
Project project = issue.getProjectObject()

UserManager userManager = ComponentAccessor.getUserManager()
ApplicationUser user = userManager.getUserByKey(USER_KEY)

CustomFieldManager customFieldManager = ComponentAccessor.getCustomFieldManager()
CustomField customField = customFieldManager.getCustomFieldObject(USER_CUSTOM_FIELD_ID)
ApplicationUser userToRemove = issue.getCustomFieldValue(customField) as ApplicationUser

ServiceDesk serviceDeskProject = serviceDeskManager.getServiceDeskForProject(project)
Integer serviceDeskProjectId = serviceDeskProject.getId()

OrganizationsQuery organizationsQuery = organizationService.newOrganizationsQueryBuilder().serviceDeskId(serviceDeskProjectId).build()
List<CustomerOrganization> organizations = organizationService.getOrganizations(user, organizationsQuery)?.getResults()

organizations.each {CustomerOrganization customerOrganization ->
UsersInOrganizationQuery usersInOrganizationQuery = organizationService.newUsersInOrganizationQuery().
customerOrganization(customerOrganization)
.build()
ApplicationUser foundUser = organizationService.getUsersInOrganization(user, usersInOrganizationQuery).find{ ApplicationUser userInOrganization ->
userInOrganization.getKey() == userToRemove.getKey()
} as ApplicationUser
if (foundUser) {
Set<ApplicationUser> users = [foundUser].toSet()
UsersOrganizationUpdateParameters usersOrganizationUpdateParameters = organizationService.newUsersOrganizationUpdateParametersBuilder()
.organization(customerOrganization)
.users(users)
.build()
organizationService.removeUsersFromOrganization(user, usersOrganizationUpdateParameters)
}
}

Hi @Hana Kučerová 

Don't be sorry, thank you so much for assistance, I just wasn't sure if you had gone on holidays or something.

So I just need to replace "userkey" with my service account?

final String USER_KEY = "userkey"

 

Hana Kučerová Community Leader Jan 27, 2021

Hi @Brad Butchers ,

yes, you just need to provide key of your service user 

It is something like JIRAUSERxxxxx or username for older users. I think it is more safe to work with keys instead of usernames, see here for details.

Thanks so much, works perfectly :) your amazing!

Would it be possible to do the opposite like this? add a user to an organization?

Hana Kučerová Community Leader Jan 28, 2021

@Brad Butchers  Yes, but probably there will be a problem with getting the information to which organization should the user be added.

Do you have any idea, how this should work?

Hi @Hana Kučerová 

I see the problem. If there is a custom filed the user types the organization into would the script be able to match the organization to the organization ID to add the user?

Thanks,

Brad

Hana Kučerová Community Leader Jan 29, 2021

Hi @Brad Butchers ,

I can imagine you create some select list custom field with the names of organizations and the script will find the organization based on the selected name, but this is not very nice, because there will be no connection between the options of custom field and the names of the organizations and if somebody changes something, the names won't match anymore.

It would be great, if we could work directly with the organizations objects. I thought about script fields, where you can create database picker and get the right values. But if I remember it correctly these fields are not available in the portal... So this won't help us either.

Hi @Hana Kučerová 

Ah I see our limitations, thank you so much for your time and effort looking into this. It is greatly appreciated.

Cheers

Brad

Like Hana Kučerová likes this

Anyone else able to help me to change the script from logged in user to a specific account?

0 votes

Hello,

We need this too. We have added the whole organization twice: with ".com" and ".net"
Now we should remove all users with ".com". Is this possible to do with script or somehow?

We use Cloud.

Thanks,
Max

Deleted user Jan 14, 2021

Sorry if this is wrong topic. I have done my task via REST API. I created VBScript and deleted unused users (3600).

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
Community showcase
Published in Jira Service Management

Security Advisory for Jira Service Management

On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link.  We've seen a number of questions already asking for...

222 views 1 2
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you