Unable to remove a user from jira-administrators

I'm using JIRA 4.4 and need to remove some users from jira-administrators. However, for one of these users it's impossible to remove him from the group (no, he's _not_ the last member).

Any idea?

rgds

Edit: Problem remains, even after upgrading to 5.1.8.

8 answers

1 accepted

This widget could not be displayed.

As you can see, the user 19310 from group jira-administrators doesn't exist. It must be 19312.
The reason why it works in one case (he has working privileges) and doesn't work in other
cases (he can't be removed) must be, that the jira code references users inconsistently.
In one case it seems to use the ID and in the other case the name.

SELECT
m.ID, m.parent_id, m.child_id, m.membership_type,
	m.group_type, m.parent_name, m.directory_id, m.child_name
FROM
	cwd_group g
	JOIN cwd_membership m ON (g.ID = m.parent_id)
    LEFT OUTER JOIN cwd_user u ON u.ID = m.child_id
WHERE
	group_name = 'jira-administrators'
	AND (
		child_name like '%wolf-gideon%' OR
		child_name like '%nabil%'
	)

SELECT
	ID,
	directory_id,
	first_name
FROM
	cwd_user
WHERE
	user_name like '%wolf-gideon%' OR
	user_name like '%nabil%'

ID	parent_id	child_id	membership_type	group_type	parent_name	directory_id	child_name
36350	15357	15322	GROUP_USER	NULL	jira-administrators	10000	nabil.sayegh@example.com
37108	15357	19310	GROUP_USER	NULL	jira-administrators	10000	wolf-gideon.bleek@example.com
ID	directory_id	first_name
15322	10000	Nabil ,
19312	10000	Wolf-Gideon

This widget could not be displayed.

Is that person assigned to any issues? if so, reassign those issues and try again.

I don't want to delete that user. I only want to remove it from the admin group.

What does your jira log state when you try to remove that user from the admin group?

Neither in browser nor in the log file

This widget could not be displayed.

Neither in browser nor in the log file

This widget could not be displayed.

Any error specified when you try to remove the user?

This widget could not be displayed.

If JIRA is connected to LDAP or any external user management and configured to use "read-only" privilege you might want to review the following KB that may help you on this issue:

Hope it helps.

Cheers,
Septa Cahyadiputra

JIRA is connected to multiple LDAPs (1st manual, 2nd import) but all of them are configured for read&write.

The internal directory is disabled.

Both LDAPs contain a group jira-administrators and _none_ of them contain that user.

I have no idea, why that user has admin rights (though I know the person itself, so it isn't an intruder).

I just added a user via jira's web interface and afterwards synced the directories, but I can't see the user ending up as uniqueMember of that group in ldap. There must be some kind of internal directory used although I disabled it explicitly.

I wasn't able to attach my config due to the character limit, so I pasted it there: http://pastebin.com/8Sd8ZHqC

You might want to put JIRA internal director on the lowest order and see if it helps. If JIRA is confirmed to have the write the LDAP directory then it seems your assumption is correct.

Cheers,
Septa Cahyadiputra

Moved the disabled internal directory to the bottom, still unable to remove that user

Enabled the internal directory, saw additional members, still unable to remove that user

I'll restart jira tonight, maybe that helps.

Unfortunately the problem couldn't be solved via a restart.

This widget could not be displayed.

If you "...don't want to delete that user...," why not upgrade to v5 and simply deactivate the user / administrator?

https://confluence.atlassian.com/display/JIRA/Managing+Users#ManagingUsers-deactivateuser

As I already wrote: I don't want to remove the user. Apart from that we already upgraded to 5.1. The problem remains.

Deactivate does not remove.

The user still needs to work with jira. He just shouldn't be an admin.

This widget could not be displayed.

Can you try removing association of that user with the 'jira-administrators' group by using the database approach. Below is the SQl query -

SQL> SELECT * FROM cwd_membership WHERE child_name = 'user_name';  

//This will fetch mutliple rows for a user present in different groups. 
 
//Find the CWD_MEMBERSHIP.ID value for row containing 'jira-administrators' value.    
SQL> DELETE FROM cwd_membership WHERE id = 16217;    

//ID=16127 belongs to the row for 'jira-administrators' group.
    
SQL> COMMIT;

NOTE: Test this on your test JIRA instance by shutting down the JIRA DB and then restart and reindex after executing the above SQL query. Take and XML backup before applying it on our production JIRA.

This widget could not be displayed.

Can you try removing the association of that user with the 'jira-administrators' group through the database. Below is the SQl query -

SQL> SELECT * FROM cwd_membership WHERE child_name = 'user_name';  
//This will fetch mutliple rows for a user present in different groups.  

//Find the CWD_MEMBERSHIP.ID value for row containing 'jira-users' value.    
SQL> DELETE FROM cwd_membership WHERE id = 16217;    

//ID=16127 belongs to the row for 'jira-administrators' group.    

SQL> COMMIT;

NOTE: Test this on your test JIRA instance by shutting down the JIRA DB and then restart and reindex after executing the above SQL query. Take and XML backup before applying it on our production JIRA.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

97 views 1 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you