Hi,
I'm running JIRA 7.5.1 and Crowd 3.1.1. When I configured Crowd with Jira I created three groups per the documentation: jira-administrators, jira-developers, and jira-users. In the Crowd delegated authentication directory I originally had all three groups, meaning that when users logged into JIRA the first time they automatically became members of all three groups.
I fixed the error in the delegated authentication directory and removed jira-administrators.
Also in the Crowd web interface under Applications, I removed the jira-administrators from the JIRA instance.
Next, I thought I'd begin removing users who do not need admin rights from the jira-administrators group, and this causes them to not be able to log in again. They get a permission denied.
What am I missing, and how do I fix this?
Thank you.
Sorry for being so slow to get to this.
The missing piece for me is how you grant access to use Jira (not projects etc, just the system)
Can you tell us what you have in "Application Access"?
Oh you don't have any users under jira-software-users, and you have it as the default group
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, so this jira-software-users group was probably created by default I assume. We have Crowd configured to work with JIRA, when I set it up I crated the jira-administrators, developers, and users groups. But not the group shown as default above.
So do I need to add this group to Crowd and assign users to it?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes add that group to Crowd and assign it users
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, I think that was it. I just had someone test. This person is not in the admin group, and they were able to log in.
The jira-software-users group was created in Crowd and populated but it is not showing up in JIRA yet with the users that were added in Crowd. So I added the Jira-users group as the default, and that seems to have worked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great! Thanks a Million @Nic Brough -Adaptavist-!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Here's a capture of what every user account looks like right now. Again, what ends up happening is if I remove the users from the jira-administrators in Crowd, they're no longer able to log in to JIRA.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you check your DB see which group is the first one being used to log in?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you please send a screenshot from your JIRA User Management Screen with your directories?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am thinking there is something wrong with group priority on the Database itself. I just asked a Professional Community Champion for his help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I suspected that may be the issue also, probably because of the way the groups were initially set up and basically I left the flood gates wide open by adding everyone to the jira-administrators group.
Thanks for your help, please let me know if you're able to find out anything about this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Let's see how @Nic Brough -Adaptavist- can help us. I asked for his help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I already have Crowd configured and connected to JIRA, and I understand the role of the jira-administrators group.
I can remove users from the jira-administrators group easily, but when I do, they're no longer able to log in.
how can I fix that?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.