A single user can´t search issues

Hi all!

I have a really strange problem with one single user.

I import users (~500) from different active directories into my jira, everything works fine except one user. That user has (really) the same groups and projectroles as others, but when he searches for issues not a single issue can be found (so the dashboard is empty, too) (tested on different systems).

Despite that he can acces his issues by the quick search or by url...

The projectroles this user (and most others) is in can only see their own reported issues.

When I give him a projectrole able to see everything, he sees everything ...

I really don t know what to do with that... Your help is really appreciated.

3 answers

1 accepted

0 votes
Accepted answer

Thanks to all of you for your help. Problem was caused by different cases of users accountnames in the synchronized Active Directory and Jira. In detail, cwd_user and external_entities tables in database, for example j.kypke vs. J.Kypke.

0 votes

Searching respects permissions - if he can't see a project or issue, it won't come up in the search results.

You say he can only see his own reported issues - has he actually reported any?

This user has reported 18 issues and can access that issues (by quick search and url) but not by filters.

When you say "access by quick search", do you mean just typing the issue key in? Or by putting a proper search in (project key, then words from the summary)?

By filters, I assume you mean you're putting in something like "reported by myself" and seeing the issue navigator return nothing?

I ask because there's an important question about indexing here and those questions will clarify it a bit.

Oh, and also, check that the user is not duplicated? If they're logging stuff as one ID and searching as another. (Doesn't sound like it, but needs explicitly ruling out)

Hi Nic,

thanks for Your efforts! With "access by quick search" I mean typing the issue key in the searchfield within the menu bar in the upper right corner of the screen.

"By filters" means searching for issues with the issue navigator (simple search or advanced with JQL).

I checked the user in the database before: there is only one user with that username in table cwd_user and only one corresponding entry in external_entities.

Ok, that suggests that your index is broken. Searching uses the index, but typing the issue-key into quick search, using the url and viewing it directly doesn't, they come from the cache and database.

To test this, could you amend one of the users issues and then try the filter again? A simple edit will cause the entire issue to be reindexed which should repair it, if I've hit the right cause! I usually add punctuation to the description. Like adding/removing the . on the last sentence, but any update will do.

If it's not that, then it must be something wrong with the user somehow, but you've checked the most obvious user based problem.

I will check that later because I don t have the users credentials. I really hope you hit the right cause but I am not sure about that: with my account I could find that issues by jql-search...

With a broken index the issues should not be searchable at all, I think...

Well, I ll try and hope for the best ;)

The filter the user is using are shared ones and are all like "assignee = currentuser()". Even if that user searches for 'everything', no issue is found.

I'm not sure about JQL searches - as you say, I'd expect them to also use the index (and hence break), but I'm not 100% certain.

One other thing you can check, as it might tell us something. As the user for their filter definition (if they can share the filter with you, even better, because they won't have to think about translating or pasting stuff for you). Are they using something like "assignee = current user", or "assignee = specific-user". Be interesting to see what they get from both, and then what you see from the second as well!

As I checked that when this failure was shown to me I have not found anything noticeable, but I ll check that again when I have access to that account,too.

Hmm, are they actually logged in correctly? If they go to "profile" and look at their login name, do they appear to be correct in there, and does that match the user in the assignee field (note, not names, it's the login id that matters)

Bad news: changing an issue s description or moving an issue to another status had not the desired effect...

The user seems to be logged in properly, the reporter equals the login id (checked that in database).

I wouldn't say bad news - it's good news that your index isn't broken! :-)

I must admit I'm getting quite stuck though. The user can see issues, but not search for them, usually indexing, but definitely not this time.

I know we've covered this, sort of, but just to be completely clear, can you get them to try a filter like "assignee = their.login" rather than "assignee = currentuser()". Then try exactly the same yourself. What I'm trying to test here is if it's an oddity in their login, or what currentuser() is doing!

Oh yes, of course, good news ;)

No matter what that user searches for "reporter=currentuser()", "reporter=user.login" or a blank search, no issues are found.

Other users with the same permissions can find issues with the same filter.

I know that is really strange and I didn t believe the user s failure description until I saw it myself...

Ok, that is 100% clear to me, and I'm totally flummoxed. I've got two things left

1. is totally clutching at straws, but can you check the log file for warnings and errors?

2. Yell for help from Atlassian. I'd include something along the lines of:

  • Alice logs in as Alice
  • Jochen the administrator checks that there is only one account for Alice, no duplicates, nothing with the same email address or name, and that Alice's login id is simply "alice"
  • Alice creates an issue in project Bob, called BOB-123
  • Alice makes sure that the assignee is Alice
  • Alice can see http://yourjira/browse/BOB-123
  • Alice types BOB-123 into quick search and gets taken to the issue as above
  • Alice types "assignee = Alice" into an advanced search, and gets NOTHING in the issue navigator
  • Charlie types "assignee = Alice" into an advanced search, and gets a list of issues in the issue navigator, one of which is BOB-123

Obviously, emphasise "Alice can see her issue" and that "Charlie can use an identical search and find it"

I checked logs and could not find anythig suspicious... So I scheduled a reboot of our jira server for tonight, just to be sure. After that I will raise a ticket at Atlassian.

Thank you so much for your support, Nic! Nice to know that this problem drives not only me mad ;)

Not a problem. It's actually a really good example of how a question should be worked through. Even though I couldn't work out what the heck is wrong (and am really annoyed, especially because I've a horrid feeling it's going to be something simple that I really should have spotted immediately!)

You've started with a clear question, you've explained symptoms, you've clarified everything we weren't sure about, you've thought for yourself before asking, and continued to think about what might be going on, volunteered info that might be relevant without rambling off on a different path, and best of all, answered every question we've asked you, no matter how vague I've been. I wish all the people I support could be like that!

Can you install this: https://marketplace.atlassian.com/plugins/com.keplerrominfo.jira.plugins.rightsdna

and make sure that there's no problem with the permissions ?

Go to plugins->Rights DNA->Issue Security -> enter issue number and check the sources.

Alternatively, go to "By user", type in the user and see what perms s/he has. You may have enough info to decide if there's a perm problem.

I'm not sure you need to bother.

User can see the issue when using the direct url. User can't get it in searches. Other users can.

There's no permission that separates that - if a user can see an issue, it should come out in the search, assuming it matches the search criteria.

(In most other "user can/can't", this advice is good, but I think Jochen has already covered it in his investigations)

Maybe look for errors in the logs when that user executes the JQLs?

@Nic You're right, if there's no bug. Assuming there's no error what he describes seems to be a bug in the perms IMHO. Or, the JQL is too simple and it is a problem in the search :) which I find it hard to believe.

Alternative scenario: There are 2 users with the same name (defined in 2 different directories, one local, one in AD, for instance) Older JIRA versions had problems with that, etc etc

Edit:

@Jochen L

I'm not saying you must buy this plugin. Just install it, check if the permissions are ok or not, then you can uninstall it.

Yes, I was sort of trying to eliminate the two-directories with the "duplicate user" questions, but I'm not that familiar with LDAP problems with directories, because I've mostly only worked with "flat" LDAP (single directory) hookups. I still think it could be the root of the problem, but I've reached the limit of my LDAP experience. I've asked what I think is needed to rule it out, but I am not sure.

A bug in permissions is something I'd not really thought of, as I've never really seen one since Jira 2.7! If it is, then raising the problem with Atlassian is probably right, as they'll want to fix it asap. Similarly, the JQL.

My bet goes on problems on dynamic perms, like "reporter" or "assignee" :)

Hi Radu,

I installed RightsDNA and it looks like a quite cool addon. But I have bad luck with restrictions of the trial licence. When scanning by email or by user the relevant user/project is not visible.

Regarding issue security scan: we don t have issue security in use. All permissions are granted by memberships of project roles.

Mail me at radu.dumitriu@kepler-rominfo.com and I will generate a restricted license for you.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,737 views 17 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you