Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to remove a user from jira-administrators

Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 8, 2012

I'm using JIRA 4.4 and need to remove some users from jira-administrators. However, for one of these users it's impossible to remove him from the group (no, he's _not_ the last member).

Any idea?

rgds

Edit: Problem remains, even after upgrading to 5.1.8.

Answer
Watch
Like Be the first to like this
1696 views

8 answers

1 accepted

1 vote
Answer accepted
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

As you can see, the user 19310 from group jira-administrators doesn't exist. It must be 19312.
The reason why it works in one case (he has working privileges) and doesn't work in other
cases (he can't be removed) must be, that the jira code references users inconsistently.
In one case it seems to use the ID and in the other case the name. 

SELECT
m.ID, m.parent_id, m.child_id, m.membership_type,
	m.group_type, m.parent_name, m.directory_id, m.child_name
FROM
	cwd_group g
	JOIN cwd_membership m ON (g.ID = m.parent_id)
    LEFT OUTER JOIN cwd_user u ON u.ID = m.child_id
WHERE
	group_name = 'jira-administrators'
	AND (
		child_name like '%wolf-gideon%' OR
		child_name like '%nabil%'
	)

SELECT
	ID,
	directory_id,
	first_name
FROM
	cwd_user
WHERE
	user_name like '%wolf-gideon%' OR
	user_name like '%nabil%'

ID	parent_id	child_id	membership_type	group_type	parent_name	directory_id	child_name
36350	15357	15322	GROUP_USER	NULL	jira-administrators	10000	nabil.sayegh@example.com
37108	15357	19310	GROUP_USER	NULL	jira-administrators	10000	wolf-gideon.bleek@example.com
ID	directory_id	first_name
15322	10000	Nabil ,
19312	10000	Wolf-Gideon

View More Comments
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

It's an official bug: https://jira.atlassian.com/browse/JRA-25611

Like
Reply
0 votes
Naren3
Naren
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

Can you try removing the association of that user with the 'jira-administrators' group through the database. Below is the SQl query -

SQL> SELECT * FROM cwd_membership WHERE child_name = 'user_name';  
//This will fetch mutliple rows for a user present in different groups.  

//Find the CWD_MEMBERSHIP.ID value for row containing 'jira-users' value.    
SQL> DELETE FROM cwd_membership WHERE id = 16217;    

//ID=16127 belongs to the row for 'jira-administrators' group.    

SQL> COMMIT;

NOTE: Test this on your test JIRA instance by shutting down the JIRA DB and then restart and reindex after executing the above SQL query. Take and XML backup before applying it on our production JIRA.

Reply
0 votes
Naren3
Naren
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

Can you try removing association of that user with the 'jira-administrators' group by using the database approach. Below is the SQl query -

SQL> SELECT * FROM cwd_membership WHERE child_name = 'user_name';  

//This will fetch mutliple rows for a user present in different groups. 
 
//Find the CWD_MEMBERSHIP.ID value for row containing 'jira-administrators' value.    
SQL> DELETE FROM cwd_membership WHERE id = 16217;    

//ID=16127 belongs to the row for 'jira-administrators' group.
    
SQL> COMMIT;

NOTE: Test this on your test JIRA instance by shutting down the JIRA DB and then restart and reindex after executing the above SQL query. Take and XML backup before applying it on our production JIRA.

Reply
0 votes
JamesR
JamesR January 21, 2013

If you "...don't want to delete that user...," why not upgrade to v5 and simply deactivate the user / administrator?

https://confluence.atlassian.com/display/JIRA/Managing+Users#ManagingUsers-deactivateuser

View More Comments
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

As I already wrote: I don't want to remove the user. Apart from that we already upgraded to 5.1. The problem remains.

Like
JamesR
JamesR January 21, 2013

Deactivate does not remove.

Like
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2013

The user still needs to work with jira. He just shouldn't be an admin.

Like
Reply
0 votes
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

If JIRA is connected to LDAP or any external user management and configured to use "read-only" privilege you might want to review the following KB that may help you on this issue:

Hope it helps.

Cheers,
Septa Cahyadiputra

View More Comments
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

JIRA is connected to multiple LDAPs (1st manual, 2nd import) but all of them are configured for read&write.

The internal directory is disabled.

Both LDAPs contain a group jira-administrators and _none_ of them contain that user.

I have no idea, why that user has admin rights (though I know the person itself, so it isn't an intruder).

Like
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

I just added a user via jira's web interface and afterwards synced the directories, but I can't see the user ending up as uniqueMember of that group in ldap. There must be some kind of internal directory used although I disabled it explicitly.

I wasn't able to attach my config due to the character limit, so I pasted it there: http://pastebin.com/8Sd8ZHqC

Like
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

You might want to put JIRA internal director on the lowest order and see if it helps. If JIRA is confirmed to have the write the LDAP directory then it seems your assumption is correct.

Cheers,
Septa Cahyadiputra

Like
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

Moved the disabled internal directory to the bottom, still unable to remove that user

Enabled the internal directory, saw additional members, still unable to remove that user

I'll restart jira tonight, maybe that helps.

Like
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 16, 2012

Unfortunately the problem couldn't be solved via a restart.

Like
Reply
0 votes
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

Any error specified when you try to remove the user?

Reply
0 votes
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

Neither in browser nor in the log file

Reply
0 votes
Norman Abramovitz
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 8, 2012

Is that person assigned to any issues? if so, reassign those issues and try again.

View More Comments
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 8, 2012

I don't want to delete that user. I only want to remove it from the admin group.

Like
Norman Abramovitz
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 8, 2012

What does your jira log state when you try to remove that user from the admin group?

Like
Nabil Sayegh
Nabil Sayegh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2012

Neither in browser nor in the log file

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events