Current behavior

Confluence administrator will add/delete groups from time to time in Confluence. Should for some reason that:

• The user directory where the user belongs to does not have the correct permission for Confluence Administrator to alter user memberships
  • The user directory has "Read Only" permission
  • The user directory is on "Read Only with Local Groups" and the group that was assigned to is not a local group

Admin will receive the following error on UI: "Could not add user 'xxxx' as a member of group 'confluence-administrators'. Check your server logs for more information"

Upon checking atlassian-confluence.log, the following error message is observed:

2017-11-01 21:25:30,783 ERROR [http-nio-8632-exec-2] [bucket.user.DefaultUserAccessor] addMembership Failed to add 'xxxxxx' as a member of 'group/1'
 -- referer: http://localhost:8632/confluence/admin/users/editusergroups-start.action?username=xxxx | url: /confluence/admin/users/editusergroups.action | traceId: 6cfe1311615c6e95 | userName: admin | action: editusergroups
com.atlassian.user.EntityException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Did not have update groups permission in any of the directories []

Resolution is to change the permission of the user directory accordingly.

Desired behavior / Suggestions

1. Have a better error message displayed so that Confluence Adminstrator does not need to go to the logs to find out the issue. Example error message that would be better:

   Unable to update user into group: The directory: XXX does not have "Write" Permission. Check the KB: https://confluence.atlassian.com/pages/viewpage.action?pageId=302812802

2. Hide the "Edit Groups" option when the User Directory is on "Read Only" permission
   
3. Provide warning in the UI, similar to the behavior seen in Crowd 3.1.1: