User can't close an issue

I notice some inconsistency: when I query the Windows domain AD using the LDAP Browser, his id is not in jira-users and jira-developers, but inside the JIRA, his id has these groups. What could be wrong?

Thanks

Jirong

2 answers

Are you sure those are the exact same groups?  Our JIRA uses jira-users and jira-developers groups, but those are local to the JIRA instance only, they don't replicate back to Active Directory.  So it is possible to have two groups with very similar names but different purposes. 

See JIRA Administration | User Management | User Directories.  Is your type "Read Only, with Local Groups" or "Read/Write"?

 

Yes, they are the same group names. It's Read Only. I can see this kind of inconsistency with my id too, e.g, I can see my id in jira-developers in JIRA, but not in domain AD.

You can't edit a read-only AD group in JIRA. "jira-users" and "jira-developers" are local JIRA groups that are created when JIRA is installed and configured, so it shouldn't be possible to have one set of user accounts in JIRA and another set in AD. Since they're local, they shouldn't show up in AD at all. Theoretically, maybe someone created AD groups with the exact same names, not realizing it was unnecessary? I know user accounts get deleted from our Active Directory, but JIRA is written so that it assumes user accounts are never deleted. This means that user accounts that no longer exist in AD will still exist in JIRA if they ever had a JIRA assigned, commented, etc. I'm waiting for the day that a collision occurs in JIRA when a new AD user account identically named to a previously deleted AD account is created. JIRA will probably assume it is the same user.

We ran into a similar issue with a user that was an employee (lots of permissions) that went to work for a client with limited access to our JIRA instance.  The problem – the user still had all their old groups even though it was not reflected that way under user management.    The solution - I found the "orphaned"  relationship mappings in a table called CWD_Membership.  Once I deleted the relationships from the table the user's groups and permissions were corrected.  You may find some help at this link if your problem is similar: https://confluence.atlassian.com/pages/viewpage.action?pageId=281480970

 

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,878 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot