You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
I'm looking for a script that removes all inactive users from any groups they are in. Does anyone have such a thing?
thanks in advance
Chris
For anyone who searches this, this is what I did in the end - including some logging and the ability to exclude groups that are controlled via ldap:
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.util.UserUtil
import org.apache.log4j.Logger
import org.apache.log4j.Level
def log = Logger.getLogger("com.jira.DelActiveScript")
log.setLevel(Level.DEBUG)
def userManager = ComponentAccessor.getUserManager()
def userUtil = ComponentAccessor.userUtil
def users = userManager.getAllApplicationUsers()
def array = users.toArray()
def groupManager = ComponentAccessor.getGroupManager()
for (int i =0; i < array.size(); i ++){
def user = array[i].getName().toString()
if(!userManager.getUserByName(user).isActive()){
def groups = groupManager.getGroupsForUser(user)
for (int j =0; j < groups.size(); j ++){
if(groups[j].getName().toString() != "jira-users"){
def groupName = groups[j].getName().toString()
log.debug(user + " - " + groupName)
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
}
}
}
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Chris Shepherd I am looking to remove Inactive users from all my groups, including jira-users. I think this is what you were trying to achieve. Can you help me understand what is happening in this portion of your script above?
for (int j =0; j < groups.size(); j ++){
if(groups[j].getName().toString() != "jira-users"){
def groupName = groups[j].getName().toString()
log.debug(user + " - " + groupName)
I am not strong with scripting (obviously). Thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, it's 5 years since I wrote it but:
for (int j =0; j < groups.size(); j ++){
is creating a counter (j) to loop through all the groups
if(groups[j].getName().toString() != "jira-users"){
Get the group name for the counter.
If the group name is not equal (!=) to jira-users then do the next bit
def groupName = groups[j].getName().toString()
get the group name (again! who wrote this rubbish :) )
log.debug(user + " - " + groupName)
write it to the log file to show whats going on
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
Then take them out the group.
I ignore the jira-users group as that is controlled by ldap in our instance. but if you don't want to do that remove the
if(groups[j].getName().toString() != "jira-users"){
HTH
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you so, so much. And I love your rubbish comment. Made me laugh--thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tried running this and removed
if(groups[j].getName().toString() != "jira-users"
Result shows "null"
The Log is packed full of entries identifying the Inactive User and group assignment, then the INFO message"[IssueSecurityLevelManagerImpl.projectAndUserToSecurityLevelCache]: Cache com.atlassian.jira.issue.security.IssueSecurityLevel managerImpl.projectAndUserToSecurityLevelCache was flushed
When I go back to the User Management area though, all the Inactive users are still assigned to all their groups, though. Any guidance if appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry don't really know why that wouldn't work. you could try adding some more logging:
change
def group = groupManager.getGroup(groupName)
userUtil.removeUserFromGroup(group, userManager.getUserByName(user))
to
def group = groupManager.getGroup(groupName)
def userObj = userManager.getUserByName(user)
log.debug(group)
log.debug(userObj)
userUtil.removeUserFromGroup(group, userObj)
If either group or userobj display as null then that might be the problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah, now I'm seeing info about Crowd and immutable groups. I'll have to dive into this. Thank you!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Ive used deprecated method in it, but it should work i think.
{code}
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.security.groups.GroupManager
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.jira.user.util.UserManager
import com.atlassian.jira.user.util.UserUtil
def userManager = ComponentAccessor.getUserManager()
def userUtil = ComponentAccessor.userUtil
def users = userManager.getAllApplicationUsers()
def array = users.toArray()
def groupManager = ComponentAccessor.getGroupManager()
for (int i =0; i < array.size(); i ++){
def iter = array[i].getName().toString()
print iter
def groups = groupManager.getGroupsForUser(iter)
def currentApplicationUser = userManager.getUserByName(iter)
print currentApplicationUser
if(!userManager.getUserByName(iter).isActive()){
userUtil.removeUserFromGroups(groups, currentApplicationUser)
}
}
{code}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks so much, it wasn't exactly what I needed but got me right to the edge of what was required.
Thanks Loads
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for this, I faced a similar req, but removing just from a specific group since we synch groups from LDAP, here's my modified version, saved it in ScriptEditor, and used it with different group names as separate ScriptRunner Jobs:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for that @efrel !
I have tried using this and see some warnings appear in ScriptEditor.
The first is concerning line 17 and the variable "log":
If I change that to "logs" another warning appears, this time on line 27, concerning an improved search method:
Do you have any tips on how to deal with this?
Can it safely be ignored, or could you improve it, maybe?
Many thanks and kind regards.
Michiel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michiel, apparently there are newer more efficient ways to accomplish this now, I upgraded my code as well and tested successfully on 8.22.6, here it is:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.