I'm looking for a script that removes all inactive users from any groups they are in. Does anyone have such a thing?
thanks in advance
Chris
For anyone who searches this, this is what I did in the end - including some logging and the ability to exclude groups that are controlled via ldap:
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.util.UserUtil
import org.apache.log4j.Logger
import org.apache.log4j.Level
def log = Logger.getLogger("com.jira.DelActiveScript")
log.setLevel(Level.DEBUG)
def userManager = ComponentAccessor.getUserManager()
def userUtil = ComponentAccessor.userUtil
def users = userManager.getAllApplicationUsers()
def array = users.toArray()
def groupManager = ComponentAccessor.getGroupManager()
for (int i =0; i < array.size(); i ++){
def user = array[i].getName().toString()
if(!userManager.getUserByName(user).isActive()){
def groups = groupManager.getGroupsForUser(user)
for (int j =0; j < groups.size(); j ++){
if(groups[j].getName().toString() != "jira-users"){
def groupName = groups[j].getName().toString()
log.debug(user + " - " + groupName)
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
}
}
}
}
Thanks for this. Still works well!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Chris Shepherd I am looking to remove Inactive users from all my groups, including jira-users. I think this is what you were trying to achieve. Can you help me understand what is happening in this portion of your script above?
for (int j =0; j < groups.size(); j ++){
if(groups[j].getName().toString() != "jira-users"){
def groupName = groups[j].getName().toString()
log.debug(user + " - " + groupName)
I am not strong with scripting (obviously). Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, it's 5 years since I wrote it but:
for (int j =0; j < groups.size(); j ++){
is creating a counter (j) to loop through all the groups
if(groups[j].getName().toString() != "jira-users"){
Get the group name for the counter.
If the group name is not equal (!=) to jira-users then do the next bit
def groupName = groups[j].getName().toString()
get the group name (again! who wrote this rubbish :) )
log.debug(user + " - " + groupName)
write it to the log file to show whats going on
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
Then take them out the group.
I ignore the jira-users group as that is controlled by ldap in our instance. but if you don't want to do that remove the
if(groups[j].getName().toString() != "jira-users"){
HTH
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tried running this and removed
if(groups[j].getName().toString() != "jira-users"
Result shows "null"
The Log is packed full of entries identifying the Inactive User and group assignment, then the INFO message"[IssueSecurityLevelManagerImpl.projectAndUserToSecurityLevelCache]: Cache com.atlassian.jira.issue.security.IssueSecurityLevel managerImpl.projectAndUserToSecurityLevelCache was flushed
When I go back to the User Management area though, all the Inactive users are still assigned to all their groups, though. Any guidance if appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry don't really know why that wouldn't work. you could try adding some more logging:
change
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
to
def group = groupManager.getGroup(groupName)
def userObj = userManager.getUserByName(user)
log.debug(group)
log.debug(userObj)
userUtil.removeUserFromGroup(group, userObj)
If either group or userobj display as null then that might be the problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Ive used deprecated method in it, but it should work i think.
{code}
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.util.UserUtil
def userManager = ComponentAccessor.getUserManager()
def userUtil = ComponentAccessor.userUtil
def users = userManager.getAllApplicationUsers()
def array = users.toArray()
def groupManager = ComponentAccessor.getGroupManager()
for (int i =0; i < array.size(); i ++){
def iter = array[i].getName().toString()
print iter
def groups = groupManager.getGroupsForUser(iter)
def currentApplicationUser = userManager.getUserByName(iter)
print currentApplicationUser
if(!userManager.getUserByName(iter).isActive()){
userUtil.removeUserFromGroups(groups, currentApplicationUser)
}
}
{code}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks so much, it wasn't exactly what I needed but got me right to the edge of what was required.
Thanks Loads
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for this, I faced a similar req, but removing just from a specific group since we synch groups from LDAP, here's my modified version, saved it in ScriptEditor, and used it with different group names as separate ScriptRunner Jobs:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for that @efrel !
I have tried using this and see some warnings appear in ScriptEditor.
The first is concerning line 17 and the variable "log":
If I change that to "logs" another warning appears, this time on line 27, concerning an improved search method:
Do you have any tips on how to deal with this?
Can it safely be ignored, or could you improve it, maybe?
Many thanks and kind regards.
Michiel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michiel, apparently there are newer more efficient ways to accomplish this now, I upgraded my code as well and tested successfully on 8.22.6, here it is:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Does anyone know how to do this for Jira Cloud using ScriptRunner?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.