Unable to remove permissions from user/group that got re-named or re-created with the same name but mixed-case letters

Summary

Example:

If a user/group coming from Jira/Crowd or LDAP to Bamboo gets renamed or recreated with the same name but mixed-case letters (e.g. from bruno.rosa to Bruno.Rosa) and that very same user/group had permissions assigned to it (e.g. Plan permissions, Deployment environment permissions, etc), it's not possible to remove the old user's permission from the UI anymore. Bamboo doesn't automatically cleanup permissions for a user/group that has been removed/renamed. In previous versions of Bamboo (e.g. 5.15.7) one would have to manually remove those permissions from the UI.

If you try to re-grant permissions to that user/group in an attempt to remove them again, duplicate records are generated in the database and now permissions are assigned to both of them (e.g. bruno.rosa and Bruno.Rosa) – taking the previous example into account. However, the page will only show one entry displaying the user's name (e.g. Bruno Rosa), almost as if you didn't have two users assigned to that permission, when in fact, you have.

Environment

• Bamboo 6.2.3 connected to Jira/Crowd or LDAP.

Steps to Reproduce

1. Configure Bamboo to use Crowd as its external user management and ensure the connection/sync is working between the applications.
2. Create a new user in Crowd named bruno.rosa and make sure it exists inside one of the directories that are sync'ed with Bamboo.
3. Go to Bamboo administration >> Overview >> Security >> User repositories and click Synchronise now to pull the changes.
4. Access the environment permission page from a Deployment Environment to define which users/groups are allowed to edit and view the Environment.
5. Give that user View and Edit permissions.
6. Go back to Crowd and rename the user to Bruno.Rosa.
7. Go to Bamboo administration >> Overview >> Security >> User repositories and click Synchronise now to pull the changes.
8. Go back to the environment permission page to check permissions.

Expected Results

• User bruno.rosa is not listed there anymore OR it's still listed there but can be removed using the icon right next to it (this used to work in previous versions of Bamboo).

Actual Results

There's still only one user listed inside the page but with NO level of permissions assigned to it. All check-boxes are empty for that user.

• Try removing the user and refreshing the page – the user will continue to show up as if it didn't have permissions anymore and yet it's showing up inside the page.

• Go to the Add users field and start typing Bruno.Rosa – you'll see the user in the list of options as if the user didn't have permissions already.
• Run the following SELECT statement to check what's the status of the permissions in the database for that particular Deployment Environment:

  select AE.*
    from ACL_ENTRY AE
    join ACL_OBJECT_IDENTITY AOI
      on AE.ACL_OBJECT_IDENTITY = AOI.ID
   where AOI.OBJECT_ID_IDENTITY = '<ENVIRONMENT_ID>';
  

  Replace <ENVIRONMENT_ID> with the Deployment Environment's ID – This can be easily identified from the URL when you access the environment permission page.
  The old permissions to user bruno.rosa will be there, in the database. Now if you go back to the page and try to grant the user Bruno.Rosa some kind of permission (e.g. View, Edit or Deploy) and re-run that SELECT query you'll see that now both bruno.rosa and Bruno.Rosa have permission to the Deployment Environment.

Notes

This might also be caused by another configuration change in Crowd. It's not only a matter of renaming/recreating the user/group but if you choose the option to convert all users/groups to lower case when passing the data to Bamboo it may have the same effect, and you'll find yourself in the same situation:

Workaround

No workarounds at the moment.