You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Need A way to extract all groups and there usage through SQL
A manual way is to look at all your permission schemes and notifications schemes for the groups they use. Then go through all project roles and do the same. Groups can also be used for sharing of filters and dashboards. Finally check all workflows for group usage in the XML. Very tedious!
I would love to see a plugin that does all this for admins
Hello Matt I want an SQL query for that since my admins want to automate the process
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Me too!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
And fields, and the configuration of dashboard gadgets, and use in saved filters, and, and, and...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Not sure if someone has created a similar solution before on ScriptRunner. I've tried compiling the data for this in a few ways (took me a week). I'm relatively new to all this so please verify the results. If there are any mistakes in what I have shared. Please do mention the same.
Primary reference: https://confluence.atlassian.com/jirakb/how-to-identify-group-usage-in-jira-441221524.html
The solution uses Adaptavist ScriptRunner's -> Script Console, Resources
************
*************
------------------
Note: Workflow data is not ideally returned by the SQL query from Atlassian. So I implemented a workaround that mostly works. Please do read the comments in the code for more info.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This article comes on the top of google queries for "jira find where group is used", and does sadly not contain the answer from other similar questions.
So I'm therefore pointing out that there is a knowledge-base article for it: https://confluence.atlassian.com/jirakb/how-to-identify-group-usage-in-jira-441221524.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Problem is that article doesn't reference the complexities or how to actually answer the question. That's why Google lands here - it explains it properly.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your answer explains the complexity on the details and nuances in the question -- I wholeheartedly agree.
The kb-article gave me the answer I needed, based on a very similar question to this community post, nevertheless :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I usually never comment on forums but can attest that this post is worthless and I don't understand why the question is so hard. All I want to see is the all the permission schemes (and potentially others schemes like notifications) that have a reference to the group in question. Inside the JIRA admin all you see is that the group in question has no product access which is flat garbage because the users access the product every day and are on multiple permission schemes. My use case might be far less complex than ones above, but maybe simplicity is a good place to begin?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We are looking at permissions of the current groups to see if all are necessary and that the permissions aren't being duplicated over multiple groups.
That a number of the groups have only the comment "This group currently has no product access" is not helpful.
We have the cloud version which doesn't allow for running SQL against the Database.
So any development which would allow clear showing of what permissions each group has would be very welcome.
Kind Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The question is hard to answer because it does not have any context. So the answers you're seeing here are either highly generic (because there's no context) or trying to ask for that context.
I think it's probably important to be very clear about the context of the question. What problem are you trying to solve? (In fact, is it really a problem? "I want to cut down the number of groups" is not the actual problem, the problem behind that is likely more to be "the admin is struggling to maintain all the people in the groups". Getting a list of permissioned groups probably isn't going to help much with that, it would be far better to review the groups without looking at permissions, get the groups tidied into what you actually need from them, get the space admins to review their spaces to see that the new/changed groups have the right access, and then kill off the ones you don't need later. Or, even, stop using groups apart from the bare minumum of "can use the application" and maybe a small handful of wide-ranging standard groups, and get the space admins to add the people they need when they need them.
A list of 100,000 lines listing every permission every user and every group in every space is not really going to help you rationalise, the permissions aren't really the problem you're trying to solve in these cases.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As a Jira Admin,
I want to see all permitted access a particular group of users has,
So that I can ensure they do not have more access than I intend.
Jira OOTB is not very secure-by-default once you let in users outside your org. You need to lock down various things - conveniently via groups.
For example, group "external-users-client1" should have permission to see only a Jira project dedicated for collaborating with Client1.
I want to be able to address concerns like: Did I set that up properly, or possibly create a huge security hole that is not obvious?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'd suggest asking your admins for a more human answer.
I can think of around 30 different SQL queries that, while "accurate", won't tell you what you really need to know about access.
Instead of giving you a "Microsoft" answer (technically accurate, but completely useless), could you tell us what you are trying to do? What question are you trying to answer, and why?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
I am currently an Intern and trying my hands in every Area of JIRA, I tried my hands in JIRA, EasyBI, BigPicture, so My JIRA admin gave me a assignment to figure out where all the groups are getting used in JIRA for Ex.
I want to extract the list.
I found this link but I have to insert all the roles and run separate query for for each which kind of make it complicated.
https://confluence.atlassian.com/jirakb/how-to-identify-group-usage-in-jira-441221524.html
Need some work around for this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Right, that's a significant project in itself, even in a small Jira.
Your list is a start, but you also need to look at
As you can tell, this is not a simple task. However, it is generally of limited use too, and hence pretty much a massive waste of time.
Go back to the real question. "I want to know where groups/users are used" is not the real question. Why do you want to know where they're used? What's the point? Why does it matter?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The JIRA admin wants it for tracking process and she wants to automate the process instead of looking into JIRA manually
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Automate what?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I mean the process of looking all the Usage of the groups she wants it in excel tabular format
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm afraid that's a circular answer - "Why do you want to know where they are used?" is not answered by "I want to look at where they are used".
Could you tell us why this matters and how it would be more useful than going into the configuration to check, understand and amend access?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
as I mentioned I am an intern and this is assignment given to me by JIRA admin. I suppose may be want to present the report to management or to save time. I am not sure why they want it that way.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Then ask them.
Take this conversation to them. Point out that "where a group is used" is a very complex thing to try to extract from Jira (even before you install any add-ons).
It is still possible, but it's going to take you a LOT longer to form SQL than it is to investigate every place where they might be used manually, and than any investigation is going to take a very very long time.
If you knew why you were doing this, you would probably save a lot of time because you could focus on the actual question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
a use case could be that a group (coming from AD) will be deleted and you want to replace it with another one... so it would be good to know in advance and replace it before it will be deleted, especially when you have a big Jira and propably a high impact on this
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In that case, you'll want to be work through all the UI options anyway, because you'll be needing to change the settings for the new group. A long list of where it might have to change is not going to help you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.