Jira-administrators problem with logins

Charlie February 8, 2018

Hi,

I'm running JIRA 7.5.1 and Crowd 3.1.1.  When I configured Crowd with Jira I created three groups per the documentation:  jira-administrators, jira-developers, and jira-users. In the Crowd delegated authentication directory I originally had all three groups, meaning that when users logged into JIRA the first time they automatically became members of all three groups.

I fixed the error in the delegated authentication directory and removed jira-administrators.

Also in the Crowd web interface under Applications, I removed the jira-administrators from the JIRA instance.

Next, I thought I'd begin removing users who do not need admin rights from the jira-administrators group, and this causes them to not be able to log in again. They get a permission denied.

What am I missing, and how do I fix this?

Thank you.

3 answers

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 16, 2018

Sorry for being so slow to get to this.

The missing piece for me is how you grant access to use Jira (not projects etc, just the system)

Can you tell us what you have in "Application Access"?

Charlie February 19, 2018

Hi Nic,

Here's a capture from the Application Access window in JIRA.app_access.jpg

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 19, 2018

Oh you don't have any users under jira-software-users, and you have it as the default group

Charlie February 19, 2018

Ok, so this jira-software-users group was probably created by default I assume. We have Crowd configured to work with JIRA, when I set it up I crated the jira-administrators, developers, and users groups. But not the group shown as default above.

So do I need to add this group to Crowd and assign users to it?

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 19, 2018

Yes add that group to Crowd and assign it users

Charlie February 19, 2018

Ok, I think that was it. I just had someone test. This person is not in the admin group, and they were able to log in.

The jira-software-users group was created in Crowd and populated but it is not showing up in JIRA yet with the users that were added in Crowd. So I added the Jira-users group as the default, and that seems to have worked.

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 19, 2018

Great! Thanks a Million @Nic Brough -Adaptavist-!

Charlie February 19, 2018

Yes thank you Nic and Fadoua.

0 votes
Charlie February 14, 2018

Here's a capture of what every user account looks like right now. Again, what ends up happening is if I remove the users from the jira-administrators in Crowd, they're no longer able to log in to JIRA.

2018-02-14_9-36-56.jpg

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 14, 2018

Did you check your DB see which group is the first one being used to log in?

Charlie February 14, 2018

For pretty much all users this is what shows up:

2018-02-14_14-07-03.jpg

They have all three groups. If I remove jira-administrators. They can't log in anymore.

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 15, 2018

Can you please send a screenshot from your JIRA User Management Screen with your directories?

Charlie February 15, 2018

Hi Fadoua,

Here's the User Directories screen:

userdir.jpg

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 15, 2018

I am thinking there is something wrong with group priority on the Database itself. I just asked a Professional Community Champion for his help.

Charlie February 15, 2018

I suspected that may be the issue also, probably because of the way the groups were initially set up and basically I left the flood gates wide open by adding everyone to the jira-administrators group.

Thanks for your help, please let me know if you're able to find out anything about this.

Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 15, 2018

Let's see how @Nic Brough -Adaptavist- can help us. I asked for his help.

0 votes
Fadoua
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 8, 2018

Only JIRA Admins should be part of your JIRA Administrators group. You can add Project Admins to the Developers group

All other users should be in the jira-users group and should be able to log in to JIRA.

For more details please click here

Another useful link

 

Charlie February 9, 2018

I already have Crowd configured and connected to JIRA, and I understand the role of the jira-administrators group.

I can remove users from the jira-administrators group easily, but when I do, they're no longer able to log in.

how can I fix that?

Suggest an answer

Log in or Sign up to answer