Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Administrator account lost group membership on upgrade

Mattias Kallvi
Mattias Kallvi November 5, 2014

Hi,

I've performed an upgrade from JIRA 6.0.8 to JIRA 6.2.7 in our test enviroment. Once the upgrade finished I signed in with our admin account (JIRA Interna Directory). Here I notice that I've lost all admin permissions(membership to system administrator group) on this account. I signed in with another account and tried to re-add these permissions and received an "duplicate key"-error. Ran the following sql on the database:

select * from cwd_membership where parent_name='jira-administrators'

(where I replaced the jira-administrators with the name of my system administrator group) and my admin account showed up in the result. It seems as if the account has the permission assigned but that JIRA somehow can't find it.

This error did not occour on all accounts in JIRA Internal Directory, only this account. The error, as far as I can tell, didn't seem to affect the accounts from our Active Directory.

I've done the basic restart of JIRA but that didn't help. Any suggestions on what might have caused this error and how to solve it is appreciated.

//Mattias

Answer
Watch
Like Be the first to like this
192 views

2 answers

0 votes
Mattias Kallvi
Mattias Kallvi November 10, 2014

After looking at the table rows in the db more carefully I could see that there was a difference in lower_parent_name column between my admin account and other JIRA Internal Directory accounts. Even though they should be in the same Group according to the value in the parent_id column, the value in the lower_parent_name was different.

To solve this problem I stopped JIRA, updated the value in the lower_parent_name column to match the other JIRA Internal Directory account. After that I started JIRA and everthing worked fine. I was in contact with Atlassian before I did this and this was the solution that they recommended. Remember to try this in a staging enviroment before you do this in production.

My guess is that JIRA performes a join between the tables cwd_membership and cwd_group but not on the ID column. Instead they join on the lower_parent_name.

Reply
0 votes
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2014

Is there another account in your AD with the same user name? If so, that might be overriding your internal user account depending on how the directories are ordered.

View More Comments
Mattias Kallvi
Mattias Kallvi November 5, 2014

The JIRA Internal Directory is first in line. I will ask the AD-guys if there is an AD-account with the same name just to rule that option out, but I don't think so. All of this worked just fine before the upgrade.

Like
Mattias Kallvi
Mattias Kallvi November 5, 2014

Just got the answer from the AD-guys, there are no AD-account with the same user name.

Like
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 6, 2014

Your DB might be corrupted somehow. You can try what is described here: https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

Like
Mattias Kallvi
Mattias Kallvi November 6, 2014

I've looked at that article, that's where I got the SQL query. I know which account is the admin account and I know the password. I can see that the user, according to the db, has system administrator permission. However, when I look at the account in User Management, that Group is not mapped to the user. My guess is, as you say, that something is wrong with the db. I have raised a support ticket at Atlassian to see if they have any idea how this can be solved.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events