Details
- Suggestion
- Resolution: Won't Do
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Adding 'anyone' to jira-system-administrators privileges breaks admin panel.
So, aside from the obviously bad nature of adding the anyone group to this permission, it tends to leave things in a broken state afterwards. The Admin panel does not render anything and there are stack traces in the logs like this:
    Nov 11, 2011 4:05:07 PM org.apache.catalina.core.ApplicationDispatcher invoke
    SEVERE: Servlet.service() for servlet jsp threw exception
    java.lang.IllegalArgumentException: entityNameToMatch argument cannot be null
        at org.apache.commons.lang.Validate.notNull(Validate.java:192)
        at com.atlassian.crowd.search.query.membership.MembershipQuery.<init>(MembershipQuery.java:26)
        at com.atlassian.crowd.search.query.membership.UserMembersOfGroupQuery.<init>(UserMembersOfGroupQuery.java:11)
        at com.atlassian.crowd.search.builder.QueryBuilder.createMembershipQuery(QueryBuilder.java:179)
        at com.atlassian.crowd.search.builder.QueryBuilder$PartialMembershipQueryWithNameToMatch.returningAtMost(QueryBuilder.java:287)
        at com.atlassian.jira.user.util.UserUtilImpl.getGroupMembers(UserUtilImpl.java:1197)
        ...
What's curious about this is that I can't replicate it on a clean install, but the problem has occurred to a number of customers - they did appear to be using Apache or other proxies to clean up the URL in each case.
We've got a number of tickets about warning people when adding the anyone group here - I wonder if there's possibly now enough reason to prevent people from adding the anyone group to jira-system-admins at all? Is there even a use case for that permission?
Workaround
Please refer to our Error Creating New Ticket or Accessing Administration Section After JIRA Upgrade KB article for further information on how to fix this.
Suggested Fix
Add an upgrade task to check for this and, if it exists, remove those 'Anyone' permissions, provided it does not restrict access to log into the instance.
Notes
It is also possible this error may occur when performing an in-place upgrade from 3.3.1 to 4.4.5. This is not the recommended method; please use the XML method as per Upgrading JIRA 3.x Data to JIRA 6.x.
Issue Links
- relates to JRACLOUD-26304 Prevent 'Anyone' role from being assigned sysadmin permissions (Closed)