-
Suggestion
-
Resolution: Fixed
-
301
-
6
-
Currently, Confluence REST API only offers GET methods when it comes to users, as described in the API documentation available here.
Main option to delete/disable users is through the UI of the application. We would like to suggest an implementation of a DELETE or DISABLE method (or BOTH) in the API so we can delete/disable users through it.
PS: It is also important to consider that it would be safer to implement a DISABLE option instead of DELETE, since the API can be accessed by anyone outside of the application with an administrator password.
- depended on by
-
- Gathering Interest
- is related to
-
- Closed
- resolves
-
- Closed
- mentioned in
-
Page Failed to load
-
Page Failed to load
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[CONFSERVER-54928] REST API - Delete/Disable/Enable Users
Updating user information endpoint still missing, what a pitty!
Created a new suggestion for this: CONFSERVER-93140
A fix for this issue is available in Confluence Server and Data Center 8.2.0.
Upgrade now or check out the Release Notes to see what other issues are resolved.
Hi guys,
as a workaround please check Extender for Confluence app and documentation https://it-lab-site.atlassian.net/wiki/spaces/RAEC/pages/89852796/REST+API+-+Users
Cheers
Adam
There should be a deletion, not just disable. And it is no more unsafe than the same functionality in Jira REST API
+1 It is an essential feature and needs to be implemented asap. Please consider implementing it.
Here's a shell snippet for a JSON-RPC call (deprecated) which should deactivate the user named "testuser" in Confluence:
CONF_BASE_URL=https://confluence.example.org/confluence USER=adminuser echo -n "Please enter password for user $USER: "; read -s PW; echo curl -s --user "$USER:$PW" -H "Content-Type: application/json" -H "Accept: application/json" -X POST -d '{ "jsonrpc" : "2.0", "method" : "deactivateUser", "params" : ["testuser"], "id": "1" }' "$CONF_BASE_URL/rpc/json-rpc/confluenceservice-v2?os_authType=basic"
@Lukas
here also a fragment with suds and deactivateUser()
from suds.client import Client from suds import WebFault client = Client(f"{confluence_server}/rpc/soap-axis/confluenceservice-v2?wsdl") confluence_auth = client.service.login("admin1", "secret") user_id = "jirauser1" client.service.deactivateUser(confluence_auth,user_id)
@Lukas Weberruss
This Python snippet is all I can share, but it is an example of how to use the Confluence SOAP API. The last line is the call to the SOAP API.
from xmlrpc import client import http.client import ssl context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.load_verify_locations('self_signed_certificates_for_proxy.pem') server = client.ServerProxy(f'https://confluence.your_company.com/rpc/xmlrpc', context=context) token = server.confluence2.login("your_user", "api_token") groups = ["all_your_license_groups"] deactivate_members = [...users_to_deactivate...] for user in deactivate_members: for group in groups: server.confluence2.removeUserFromGroup(token, user, group)
@manuel.zach225626895: can you provide a small sample code, how you solved that with the soap/java api? Cant find any examples.
I also think it is very sad that the REST API does not offer this important feature.
We had some success using the officially long deprecated SOAP API: https://developer.atlassian.com/server/confluence/remote-confluence-methods/
It has deactivateUser() and removeUser().
I tried several py3 SOAP clients, only https://suds-py3.readthedocs.io/en/latest/ worked for me.
managing more then 4k users manually from UI is not a small task and we need a API to manage this asap !! since the same is available for Jira so i believe it should'nt be the problem to achieve this functionality.
the only option is now to disable a user is from UI or making changes to DB but which is not a good option on prod environment
Yes, this would be very useful for bulk changes. The alternative, I guess, is to manage the license via a group that is sync'ed via LDAP.
This seems like a pretty basic function to have in a REST API. This was already added to Jira server and I was surprised it's not also available in Confluence. Not a great user experience to have to purchase marketplace plug-ins in order to automate a basic administrative task. This becomes a major burden even for a moderately sized installation with hundreds of registered users, especially is automatic user provisioning is enabled via SSO.
Disabling through the UI only works if your user base is small. Once you enter 2k+ user territory it becomes unscalable. License can go past 50k users. Its a scary thought managing that many users without this api. Atlassian please consider implementing this 
it's stunning that this is not in place at the moment. we use sso, but sso can only CREATE users, and deactivating them is crucial. not necessarily for security (their session simply expires), but they are STILL ACTIVE, which means the license is blocked.
I am astonished that implementing this is even a question.
Which version does this actually exist in?
Doesn't work in 8.5.16