-
Bug
-
Resolution: Cannot Reproduce
-
Medium
-
1.4.4
-
None
To replicate:
Parent Group: jira-users
Child Group of jira-users: jira-nested-group
User donna is a member of jira-nested-group.
Donna cannot login because the only group that has the JIRA Users global permission (Admin -> Global Settings -> Global Permissions) is the jira-users group.
- is related to
-
-
- Gathering Impact
-
- relates to
-
JRASERVER-4318 Nesting groups within groups
- Closed
[CWD-1187] Nested groups do not work with JIRA Global Permissions
Tom Wilberding
added a comment - This is a big deal for us too. One of the main selling points in bringing the Atlassian suite in, was that we could integrate with our Active Directory and stop managing a bunch of passwords and groups.
Crowd does unify the passwords for us, but we are still forced to manage the jira-users group by hand rather than using composition of existing groups. Confluence behaves as expected, but not JIRA.
Tom Wilberding
added a comment - This is a big deal for us too. One of the main selling points in bringing the Atlassian suite in, was that we could integrate with our Active Directory and stop managing a bunch of passwords and groups.
Crowd does unify the passwords for us, but we are still forced to manage the jira-users group by hand rather than using composition of existing groups. Confluence behaves as expected, but not JIRA. 
Tjerk Stroband
added a comment - After doing some testing we suspect
the following is happening:
After authenticating a user in Crowd Jira will probably ask crowd for a list of groups that the user belongs to.
The list returned by Crowd probably only contains the groups that the users actually belongs to and not the "parent groups" (the groups that these groups belong to)
A (possible) solution could be that when Jira requests the groups of a particular user that Crowd will recursivly find all the groups of that user and any parent groups of the groups.
This is a major issue for us! We hope you will fix this soon!
Tjerk Stroband
added a comment - After doing some testing we suspect the following is happening:
After authenticating a user in Crowd Jira will probably ask crowd for a list of groups that the user belongs to.
The list returned by Crowd probably only contains the groups that the users actually belongs to and not the "parent groups" (the groups that these groups belong to)
A (possible) solution could be that when Jira requests the groups of a particular user that Crowd will recursivly find all the groups of that user and any parent groups of the groups.
This is a major issue for us! We hope you will fix this soon!
Marcus Malcom
added a comment - I can confirm this issue is happening to me as well. I'm not sure. It actually appears that, on the initial login, donna is returned to the "You do not have a permission to log in. If you think this is incorrect, please contact the administrators." screen in JIRA. However, if you refresh to the base URL, donna is actually logged in. Debugging further...
Unfortunately, fixing this has slipped to 1.6.2. Apologies for the delay.