-
Suggestion
-
Resolution: Fixed
-
567
-
83
-
Problem Definition
We currently have a count of the licenses currently in use in Confluence, but we don't have a list of which users are consuming these licenses.
Suggested Solution
- Have a screen that will list out the users that are consuming towards the license, complete with the details on which group/user directory they belong to
- Somewhat like what JIRA have in their Application Access page. See screenshot for details
Why this is important
When users have a Confluence instance with a large set of users and nested groups, sometimes the count is different than the actual number of users. It is important to know exactly which users are consuming these licenses.
Workaround
If using Confluence 7.0.2, or enterprise releases 6.6.17+ or 6.13.9+:
- Go to the "Logging and profiling" administration screen
- Add an entry for "com.atlassian.confluence.user.DefaultUserAccessor" with level "DEBUG"
- Go to the "License Details" administration screen
- Tail your Confluence log file
- Hit the "Refresh" button under the "Licensed users" section
- Look for a line like this in your log file
2019-09-17 10:36:34,271 DEBUG [read-only-transaction:thread-1] [atlassian.confluence.user.DefaultUserAccessor] getUserNamesWithConfluenceAccess Found n licensed users: [user1, user2, ...]
Ensure that only selected groups are counted towards the license:
- Create a group with all users that should be counting towards the license;
- Create a new filter using the group created's DN;
- In Confluence, go to the cog icon >> User Management;
- On the left sidebar, select User Directories;
- Click to Edit your current directory;
- Under User Schema >> User Object Filter, paste the filter created;
- Save the changes and synchronize.
Use SQL query to list out users that are counted towards the license:
How to get a list of active users counting towards the Confluence license.
However, the above SQL query will not list users that are counted towards the license as a result of nested groups.
Create a user macro:
Create a User Macro
Use the following code into the macro:
## Macro title: Last Login ## Macro has a body: N ## Body processing: Selected body processing option ## Output: Selected output option ## ## Developed by: Andrew Frayling ## Modified by: Michael Seager [Atlassian Support] ## Date created: 11/02/2012 ## Installed by: <your name> ## Macro to display the last login date of users who have access to the current space ## @noparams #set($containerManagerClass = $content.class.forName('com.atlassian.spring.container.ContainerManager')) #set($getInstanceMethod = $containerManagerClass.getDeclaredMethod('getInstance',null)) #set($containerManager = $getInstanceMethod.invoke(null,null)) #set($containerContext = $containerManager.containerContext) #set($loginManager = $containerContext.getComponent('loginManager')) #set($users = $userAccessor.getUsers()) <table class="confluenceTable"> <tr> <th class="confluenceTh">Count</th> <th class="confluenceTh">User</th> <th class="confluenceTh">Last Successful Login</th> </tr> #set($count = 0) #foreach($user in $users) ## list the last login date of users who can view the current space #if ($permissionHelper.canView($user, $space)) #set($count = $count + 1) <tr> <td class="confluenceTd">$count</td> <td class="confluenceTd">#usernameLink($user.name)</td> <td class="confluenceTd">$action.dateFormatter.formatDateTime($loginManager.getLoginInfo($user.name).lastSuccessfulLoginDate)</td> </tr> #end #end </table>
Add the macro into a page
Do note that this is a macro created by third party. There is no guarantee that this user macro will be working in your version and in the future version.
Also note that this user macro will not count if the user(s) has no view permission to the space this macro is placed in. It is recommended to place this in a space that everyone has view permission. (Page Restriction however, is not affected)
Script based on the REST API
If you use a specific group to manage access to Confluence, then the following shell script will give you the list of all users that are assigned to that group.
jq CLI is needed to format the API method output.
USRNAME=admin USRPWD=admin CONFBASEURL=http://localhost:6682/confluence GROUP_NAME=confluence-users echo "Username;Fullname" > /tmp/confluence_users.list REST_NEXT_LINK=/rest/experimental/group/$GROUP_NAME/member while [ "$REST_NEXT_LINK" != "null" ]; do REST_FULL_RESULT=$(curl --user $USRNAME:$USRPWD -H "Content-Type: application/json" -H "Accept: application/json" $CONFBASEURL$REST_NEXT_LINK 2>/dev/null) echo $REST_FULL_RESULT | jq -r '.results[] | "\(.username);\(.displayName)"' >> /tmp/confluence_users.list REST_NEXT_LINK=$(echo $REST_FULL_RESULT | jq -r '._links.next' 2>/dev/null) done
Dear Customers,
Thank you for your patience in waiting for us to look into this issue. We understand the level of frustration that would be caused by the lack of this feature. When the number of licence seats becomes exhausted and Confluence goes into read-only mode it can pause vital business activity across an organisation and needs to be remedied quickly. This is why we are taking a multi-step approach towards resolving this issue.
In Confluence 8.0 we will be shipping the capability for the UI to filter in only licensed users along with the capability to view last logged-in dates within the user browser (CONFSERVER-1556). This is to help admins quickly discover users that could be disabled and free up license seats on the spot.
We do realise that this solution may have some shortcomings for our larger customers, so soon in Confluence 8.x we wish to also ship an API that will output an instance’s user list with their last logged-in date which is filterable by either; all, licenced, or unlicensed statuses.
We hope that these two increments will help solve for the problem of licensing visibility across our application. In the meantime other solutions around this include:
- There’s a KB article explaining how to output this list of users via logging or SQL
- For customers with Crowd co-ownership please take a look at the Centralized license visibility plugin
Kind regards,
Michael Andreacchio | Product Manager - Confluence DC
- incorporates
-
CONFSERVER-58875 Add logging to export the list of licensed Confluence users
- Closed
- is related to
-
CONFSERVER-1556 Display last login time in UserBrowser
- Closed
-
CONFSERVER-27524 Exceed user limit should not make all users read-only
- Under Consideration
- relates to
-
CONFSERVER-37100 REST API to retrieve users counting towards Confluence license
- Closed
-
CONFSERVER-56110 Provide a REST API for retrieving License Details
- Closed
-
CONFSERVER-81153 Provide a REST API to easily retrieve a list of all users counting towards the Confluence license count and all users
- Closed
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...