I have a really strange problem with one single user.
I import users (~500) from different active directories into my jira, everything works fine except one user. That user has (really) the same groups and projectroles as others, but when he searches for issues not a single issue can be found (so the dashboard is empty, too) (tested on different systems).
Despite that he can acces his issues by the quick search or by url...
The projectroles this user (and most others) is in can only see their own reported issues.
When I give him a projectrole able to see everything, he sees everything ...
I really don t know what to do with that... Your help is really appreciated.
When you say "access by quick search", do you mean just typing the issue key in? Or by putting a proper search in (project key, then words from the summary)?
By filters, I assume you mean you're putting in something like "reported by myself" and seeing the issue navigator return nothing?
I ask because there's an important question about indexing here and those questions will clarify it a bit.
Oh, and also, check that the user is not duplicated? If they're logging stuff as one ID and searching as another. (Doesn't sound like it, but needs explicitly ruling out)
thanks for Your efforts! With "access by quick search" I mean typing the issue key in the searchfield within the menu bar in the upper right corner of the screen.
"By filters" means searching for issues with the issue navigator (simple search or advanced with JQL).
I checked the user in the database before: there is only one user with that username in table cwd_user and only one corresponding entry in external_entities.
Ok, that suggests that your index is broken. Searching uses the index, but typing the issue-key into quick search, using the url and viewing it directly doesn't, they come from the cache and database.
To test this, could you amend one of the users issues and then try the filter again? A simple edit will cause the entire issue to be reindexed which should repair it, if I've hit the right cause! I usually add punctuation to the description. Like adding/removing the . on the last sentence, but any update will do.
If it's not that, then it must be something wrong with the user somehow, but you've checked the most obvious user based problem.
I will check that later because I don t have the users credentials. I really hope you hit the right cause but I am not sure about that: with my account I could find that issues by jql-search...
With a broken index the issues should not be searchable at all, I think...
Well, I ll try and hope for the best ;)
I'm not sure about JQL searches - as you say, I'd expect them to also use the index (and hence break), but I'm not 100% certain.
One other thing you can check, as it might tell us something. As the user for their filter definition (if they can share the filter with you, even better, because they won't have to think about translating or pasting stuff for you). Are they using something like "assignee = current user", or "assignee = specific-user". Be interesting to see what they get from both, and then what you see from the second as well!
I wouldn't say bad news - it's good news that your index isn't broken! :-)
I must admit I'm getting quite stuck though. The user can see issues, but not search for them, usually indexing, but definitely not this time.
I know we've covered this, sort of, but just to be completely clear, can you get them to try a filter like "assignee = their.login" rather than "assignee = currentuser()". Then try exactly the same yourself. What I'm trying to test here is if it's an oddity in their login, or what currentuser() is doing!
Oh yes, of course, good news ;)
No matter what that user searches for "reporter=currentuser()", "reporter=user.login" or a blank search, no issues are found.
Other users with the same permissions can find issues with the same filter.
I know that is really strange and I didn t believe the user s failure description until I saw it myself...
Ok, that is 100% clear to me, and I'm totally flummoxed. I've got two things left
1. is totally clutching at straws, but can you check the log file for warnings and errors?
2. Yell for help from Atlassian. I'd include something along the lines of:
Obviously, emphasise "Alice can see her issue" and that "Charlie can use an identical search and find it"
Not a problem. It's actually a really good example of how a question should be worked through. Even though I couldn't work out what the heck is wrong (and am really annoyed, especially because I've a horrid feeling it's going to be something simple that I really should have spotted immediately!)
You've started with a clear question, you've explained symptoms, you've clarified everything we weren't sure about, you've thought for yourself before asking, and continued to think about what might be going on, volunteered info that might be relevant without rambling off on a different path, and best of all, answered every question we've asked you, no matter how vague I've been. I wish all the people I support could be like that!
Can you install this: https://marketplace.atlassian.com/plugins/com.keplerrominfo.jira.plugins.rightsdna
and make sure that there's no problem with the permissions ?
Go to plugins->Rights DNA->Issue Security -> enter issue number and check the sources.
Alternatively, go to "By user", type in the user and see what perms s/he has. You may have enough info to decide if there's a perm problem.
I'm not sure you need to bother.
User can see the issue when using the direct url. User can't get it in searches. Other users can.
There's no permission that separates that - if a user can see an issue, it should come out in the search, assuming it matches the search criteria.
(In most other "user can/can't", this advice is good, but I think Jochen has already covered it in his investigations)
@Nic You're right, if there's no bug. Assuming there's no error what he describes seems to be a bug in the perms IMHO. Or, the JQL is too simple and it is a problem in the search :) which I find it hard to believe.
Alternative scenario: There are 2 users with the same name (defined in 2 different directories, one local, one in AD, for instance) Older JIRA versions had problems with that, etc etc
I'm not saying you must buy this plugin. Just install it, check if the permissions are ok or not, then you can uninstall it.
Yes, I was sort of trying to eliminate the two-directories with the "duplicate user" questions, but I'm not that familiar with LDAP problems with directories, because I've mostly only worked with "flat" LDAP (single directory) hookups. I still think it could be the root of the problem, but I've reached the limit of my LDAP experience. I've asked what I think is needed to rule it out, but I am not sure.
A bug in permissions is something I'd not really thought of, as I've never really seen one since Jira 2.7! If it is, then raising the problem with Atlassian is probably right, as they'll want to fix it asap. Similarly, the JQL.
I installed RightsDNA and it looks like a quite cool addon. But I have bad luck with restrictions of the trial licence. When scanning by email or by user the relevant user/project is not visible.
Regarding issue security scan: we don t have issue security in use. All permissions are granted by memberships of project roles.
In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to have–in order to produce a reliable long-term roadmap. We're tur...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs