Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-19116

Only show users with "can use" permission in People Directory

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Currently, the Confluence People Directory includes all users that once logged in to the wiki. In combination with External User Management "old" users that are no longer "active" are displayed forever.
      There should be an option to only display active users that have the "Can Use" permission.

            [CONFSERVER-19116] Only show users with "can use" permission in People Directory

            Hans-Peter Geier added a comment - - edited

            Hi richatkins , (@richatkins) as your admitted your fault in creating this (potentially unwanted) new behavior, can you please own the bug fix ticket (CONF-41178) and work on it ASAP?  Currently it is classified as "Suggestion" and "Needs validatation".  In my mind this needs to become a "bug" (or "Defect"), and classified "Serious" and fixed within the 5.9 and 5.10 releases. Not only 6.x.

             

            I also want to complain that the new behavior was not mentioned in the release notes. I had raised a support ticket on this new behavior, and even the Atlassian support person was not aware of it. He had to read the code to fine out !!! 

            This has cost me many hours and headaches, and I almost canceled our next upgrade for this reason.

            As it stands now, we cannot find thouse users anywhere in Confluence (besides of System Manangement -> Manage user) , cannot see it under "People", cannot add permissions, cannot @mention and cannot share a page to such people. This is a massive loss of functionality, therefore I call it a serious bug which was introduced here.

            Hans-Peter Geier added a comment - - edited Hi richatkins , (@richatkins) as your admitted your fault in creating this (potentially unwanted) new behavior, can you please own the bug fix ticket ( CONF-41178 ) and work on it ASAP?  Currently it is classified as "Suggestion" and "Needs validatation".  In my mind this needs to become a "bug" (or "Defect"), and classified "Serious" and fixed within the 5.9 and 5.10 releases. Not only 6.x.   I also want to complain that the new behavior was not mentioned in the release notes. I had raised a support ticket on this new behavior, and even the Atlassian support person was not aware of it. He had to read the code to fine out !!!  This has cost me many hours and headaches, and I almost canceled our next upgrade for this reason. As it stands now, we cannot find thouse users anywhere in Confluence (besides of System Manangement -> Manage user) , cannot see it under "People", cannot add permissions, cannot @mention and cannot share a page to such people. This is a massive loss of functionality, therefore I call it a serious bug which was introduced here.

            Jeff Tysco added a comment -

            @Richard Atikins
            We utilize the User Profiles for Confluence add-on to sync our AD Attributes to the people profiles (Name, Department, Location, Phone, Position, Reports To). So in this instance, these users did not need a license, nor did they need to populate/edit this profile themselves.

            Thank you looking into this issue!

            Jeff Tysco added a comment - @Richard Atikins We utilize the User Profiles for Confluence add-on to sync our AD Attributes to the people profiles (Name, Department, Location, Phone, Position, Reports To). So in this instance, these users did not need a license, nor did they need to populate/edit this profile themselves. Thank you looking into this issue!

            This feature was implemented as part of improving how Confluence works with userbases that include a lot of unlicensed users, such as when integrating with JIRA Service Desk.

            It's my fault that there is no admin option to turn this behaviour off, as I assumed that on balance, it was more useful to just not show unlicensed users than to add another configuration flag to our overstretched options screens. I was wrong about that. I've raised https://jira.atlassian.com/browse/CONF-41178 to help get this addressed. Please comment there if you have further suggestions for how that option should work.

            jeff.tysco I'm confused by you using the People Directory feature to view contact details for unlicensed users. Unless you've got some custom scripting or add-ons populating that, it can only be edited by the users themselves, and only when they have a license.

            raymond.santangelo2 agreed that there should be some mechanism for getting the spelling of users names correct, and mentions autocomplete is the best way we have today.

            Richard Atkins added a comment - This feature was implemented as part of improving how Confluence works with userbases that include a lot of unlicensed users, such as when integrating with JIRA Service Desk. It's my fault that there is no admin option to turn this behaviour off, as I assumed that on balance, it was more useful to just not show unlicensed users than to add another configuration flag to our overstretched options screens. I was wrong about that. I've raised https://jira.atlassian.com/browse/CONF-41178 to help get this addressed. Please comment there if you have further suggestions for how that option should work. jeff.tysco I'm confused by you using the People Directory feature to view contact details for unlicensed users. Unless you've got some custom scripting or add-ons populating that, it can only be edited by the users themselves, and only when they have a license. raymond.santangelo2 agreed that there should be some mechanism for getting the spelling of users names correct, and mentions autocomplete is the best way we have today.

            We are having the same issue, after upgrading to Confluence Server 5.9: we lost the ability to "@" mention people from our Active Directory who are not "Can Use" users. (This is useful at the enterprise level where, often we are unsure of the spelling of people's names when referencing them in content, as well as other use cases.)

            The description of this issue states "There should be an option", so I would expect this to be an option and not hard-coded ... can you tell me where the option is located?

            Raymond Santangelo added a comment - We are having the same issue, after upgrading to Confluence Server 5.9: we lost the ability to "@" mention people from our Active Directory who are not "Can Use" users. (This is useful at the enterprise level where, often we are unsure of the spelling of people's names when referencing them in content, as well as other use cases.) The description of this issue states "There should be an option", so I would expect this to be an option and not hard-coded ... can you tell me where the option is located?

            Jeff Tysco added a comment - - edited

            Was this issue rolled out in 5.9? I ask because I just upgraded yesterday and am observing users who don't have "can use" permissions are not listed, which is the opposite of what everyone else is wanting.

            Instead of hard programming this functionality, can it be made into an option for us to choose in General Settings, for those who make use of this data? I.E. We display all users in the People Directory to lookup phone/email/department/manager information, in addition to entry in confiforms that our management team to track information regarding employees. These employees don't have/need "can use" permissions to Confluence.

            I personally don't have this issue, but I am making use of our Base DN's and the Filter functionality as well. I.E. In our AD Environment, I'm using the following as a User Object Filter: (&(objectCategory=Person)(sAMAccountName=)(company=BCA)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

            company=BCA* is so we only select our internal staff, not clients/vendors or etc...
            UserAccountControl is the AD property to determine if a user is disabled.

            Looking forward to an update/correction.

            Jeff Tysco added a comment - - edited Was this issue rolled out in 5.9? I ask because I just upgraded yesterday and am observing users who don't have "can use" permissions are not listed, which is the opposite of what everyone else is wanting. Instead of hard programming this functionality, can it be made into an option for us to choose in General Settings, for those who make use of this data? I.E. We display all users in the People Directory to lookup phone/email/department/manager information, in addition to entry in confiforms that our management team to track information regarding employees. These employees don't have/need "can use" permissions to Confluence. I personally don't have this issue, but I am making use of our Base DN's and the Filter functionality as well. I.E. In our AD Environment, I'm using the following as a User Object Filter: (&(objectCategory=Person)(sAMAccountName= )(company=BCA )(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) company=BCA* is so we only select our internal staff, not clients/vendors or etc... UserAccountControl is the AD property to determine if a user is disabled. Looking forward to an update/correction.

            Thanks for the update richatkins . Glad to hear it's making good progress and looking forward to upgrading our server installation once it's in a release.

            Leila Pearson added a comment - Thanks for the update richatkins . Glad to hear it's making good progress and looking forward to upgrading our server installation once it's in a release.

            lpearson We're making good progress on getting this fixed, and should have it in testing soon. I'm as anxious as you to get this shipped. When we're confident that we've fixed this issue without introducing any side effects, we'll roll it out on the Monday following that for deployment to Cloud. We're nearly there!

            Richard Atkins added a comment - lpearson We're making good progress on getting this fixed, and should have it in testing soon. I'm as anxious as you to get this shipped. When we're confident that we've fixed this issue without introducing any side effects, we'll roll it out on the Monday following that for deployment to Cloud. We're nearly there!

            We are also seeing lots of users who have never logged into Confluence and do not have access to Confluence and never have had that access. We did originally set up our Confluence site to use JIRA for user management - but these users (a lot of them are administrative accounts or other special accounts in Active Directory) never had access to JIRA or Confluence. The people directory is very confusing to look at since it shows all of these non-people users along-side real people - and also actual people (some external contractors for example) who don't have access and should not be listed there.

            Any updates on a fix for this?

            Leila Pearson added a comment - We are also seeing lots of users who have never logged into Confluence and do not have access to Confluence and never have had that access. We did originally set up our Confluence site to use JIRA for user management - but these users (a lot of them are administrative accounts or other special accounts in Active Directory) never had access to JIRA or Confluence. The people directory is very confusing to look at since it shows all of these non-people users along-side real people - and also actual people (some external contractors for example) who don't have access and should not be listed there. Any updates on a fix for this?

            Can we get an update on when deactivated users no longer appear in the People Directory. It has been too long for this fix to happen

            https://jira.atlassian.com/browse/CONF-28888

            Caroline King added a comment - Can we get an update on when deactivated users no longer appear in the People Directory. It has been too long for this fix to happen https://jira.atlassian.com/browse/CONF-28888

            More notes:

            • will the profile macro function? (the one that pops the user avatar in the page and shows more info on hover)
            • will the change to user aggregation - cross platform (see slancashire for more ) affect this story?

            Dee (Inactive) added a comment - More notes: will the profile macro function? (the one that pops the user avatar in the page and shows more info on hover) will the change to user aggregation - cross platform (see slancashire for more ) affect this story?

              richatkins Richard Atkins
              wonnekeysers Wonne
              Votes:
              28 Vote for this issue
              Watchers:
              29 Start watching this issue

                Created:
                Updated:
                Resolved: