
To Display all Space Administrators on Space Tools can bring Confluence down

      Issue Summary

      Confluence lets you check who the administrators of a given space are by going to Space Tools -> Overview and looking at the names next to the Administrators line. If the space has too many administrators, the list may be collapsed, with an ellipsis button at the end of the line that expands it to the full list. Expanding it can drive Confluence to 100% CPU usage, and the application may go down depending on the size of the full list.

      Steps to Reproduce

      This can be easily reproduced by adding a group with many users as Space Admin. It is unknown how many users are necessary to trigger this behaviour; however, an instance with 14.000 users within a group ran into this problem when that group was added as Space Admin.

      1. Ensure that you have a group with at least a few thousand users in it.
      2. As an administrator, click on the cog icon in the upper right corner and then click on General Configuration.
      3. Look for Space Permissions.
      4. Select a space and click on Manage Permissions.
      5. A list of groups and users will appear. Click on Edit Permissions near the group list.
      6. Look for the group with multiple users and check the Admin checkbox under the Space column.
      7. Save the changes.
      8. Now, go to that Space, click on Space Tools and then click on Overview.
      9. Click on the Ellipsis button right next to the Administrators line.
      10. At this point, CPU usage will increase and the application may get stuck forever running the following endpoint:
        /spaces/viewspacesummary.action?key=SPAC&showAllAdmins=true
        

      Expected Results

      Instead of crashing, the application should either display the list of Administrators or a message saying that the list is too long to be rendered.

      Actual Results

      CPU goes wild, the list is never rendered, and the application more than likely needs to be restarted to become functional again.

      Notes

      Ideally, the application should avoid rendering huge lists, or there should be a pagination mechanism to prevent this problem.

      Workaround

      Avoid using groups as Space Administrators unless these groups have a small list of users within them.

      Extra - Technical Notes - AKA What Happens in the Backend

      First, Confluence will grab a list of everyone that has Administrator permissions for that space. This includes user IDs and group IDs:

      select permission0_.SPACEID as SPACEID2_52_0_, permission0_.PERMID as PERMID1_52_0_, permission0_.PERMID 
      as PERMID1_52_1_, permission0_.SPACEID as SPACEID2_52_1_, permission0_.PERMTYPE as PERMTYPE3_52_1_, permission0_.PERMGROUPNAME 
      as PERMGROU4_52_1_, permission0_.PERMUSERNAME as PERMUSER5_52_1_, permission0_.PERMALLUSERSSUBJECT as PERMALLU6_52_1_, permission0_.CREATOR 
      as CREATOR7_52_1_, permission0_.CREATIONDATE as CREATION8_52_1_, permission0_.LASTMODIFIER as LASTMODI9_52_1_, permission0_.LASTMODDATE 
      as LASTMOD10_52_1_ from SPACEPERMISSIONS permission0_ where permission0_.SPACEID='SPACE_ID_HERE';
      

      Once that's done, the user IDs and group IDs will be used to create a list with actual names so one knows who the administrators really are:

      select internalus1_.user_name as col_0_0_ from cwd_membership hibernatem0_ cross join cwd_user internalus1_ cross join cwd_group internalgr2_ 
      where hibernatem0_.child_user_id=internalus1_.id and hibernatem0_.parent_id=internalgr2_.id and (hibernatem0_.child_group_id is null) 
      and internalgr2_.lower_group_name='GROUPS_AND_USERS_FROM_STEP_1' and internalgr2_.directory_id='DIRECTORY_ID_FROM_STEP_1' order by internalus1_.lower_user_name;
      

      With the results of the second query, the list is rendered. However, if the second query returns multiple results, such as thousands of users, Confluence will attempt to render a list with all of these names, which crashes the application.
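The workaround above amounts to an audit: list every group granted space administration and count its direct members. The following Python code is an added example, not Atlassian's code. It runs such an audit query against a constructed in-memory SQLite stand-in for the tables named in the two queries above, and it assumes the SPACES table, the 'SETSPACEPERMISSIONS' permission type and an arbitrary 500-member cap.

```python
import sqlite3

# Tables/columns come from the two queries above. Assumptions: the SPACES table
# (SPACEID, SPACEKEY) and PERMTYPE 'SETSPACEPERMISSIONS' for space-admin grants.
AUDIT_SQL = """
SELECT s.SPACEKEY, p.PERMGROUPNAME, g.directory_id, COUNT(m.child_user_id) AS members
FROM SPACEPERMISSIONS p
JOIN SPACES s         ON s.SPACEID = p.SPACEID
JOIN cwd_group g      ON g.lower_group_name = LOWER(p.PERMGROUPNAME)
JOIN cwd_membership m ON m.parent_id = g.id AND m.child_group_id IS NULL
WHERE p.PERMTYPE = 'SETSPACEPERMISSIONS' AND p.PERMGROUPNAME IS NOT NULL
GROUP BY s.SPACEKEY, p.PERMGROUPNAME, g.directory_id
HAVING COUNT(m.child_user_id) > ?
ORDER BY members DESC
"""

SAMPLE = [  # constructed rows: (space key, group, permission type, direct members)
    ("SPAC", "all-staff", "SETSPACEPERMISSIONS", 14000),
    ("DOCS", "docs-admins", "SETSPACEPERMISSIONS", 4),
    ("WIKI", "all-readers", "VIEWSPACE", 9000),  # large, but not an admin grant
]

def build_sample_db(rows):
    """Create a constructed in-memory stand-in for the Confluence tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE SPACES (SPACEID INTEGER PRIMARY KEY, SPACEKEY TEXT);
        CREATE TABLE SPACEPERMISSIONS (PERMID INTEGER PRIMARY KEY, SPACEID INTEGER,
            PERMTYPE TEXT, PERMGROUPNAME TEXT, PERMUSERNAME TEXT);
        CREATE TABLE cwd_group (id INTEGER PRIMARY KEY, lower_group_name TEXT,
            directory_id INTEGER);
        CREATE TABLE cwd_membership (id INTEGER PRIMARY KEY, parent_id INTEGER,
            child_user_id INTEGER, child_group_id INTEGER);
    """)
    for i, (key, group, permtype, size) in enumerate(rows, start=1):
        db.execute("INSERT INTO SPACES VALUES (?, ?)", (i, key))
        db.execute("INSERT INTO SPACEPERMISSIONS VALUES (?, ?, ?, ?, NULL)",
                   (i, i, permtype, group))
        db.execute("INSERT INTO cwd_group VALUES (?, ?, 1)", (i, group.lower()))
        db.executemany("INSERT INTO cwd_membership (parent_id, child_user_id) VALUES (?, ?)",
                       ((i, i * 100000 + u) for u in range(size)))
    return db

def oversized_admin_groups(db, max_members=500):
    """Return (space key, group, directory id, members) above an arbitrary cap."""
    return db.execute(AUDIT_SQL, (max_members,)).fetchall()

if __name__ == "__main__":
    print(oversized_admin_groups(build_sample_db(SAMPLE)))
```

Like the second query above, the audit counts only direct user memberships (`child_group_id IS NULL`), so users who reach an admin group through a nested group are not counted.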

            [CONFSERVER-58900] To Display all Space Administrators on Space Tools can bring Confluence down

            Quan Pham added a comment -

            A fix for this issue is available in Confluence Server and Data Center 9.2.0. Upgrade now or check out the Release Notes to see what other issues are resolved.


            Quan Pham added a comment -

            A fix for this issue is available in Confluence Server and Data Center 8.5.18. Upgrade now or check out the Release Notes to see what other issues are resolved.


            Sukanta Jana added a comment -

            Hi Team,

            We have a 50K user base in Confluence. So there may be some large groups that have provided admin access. We neither track this group nor restrict space admins from adding those groups with admin permission. Due to that, we hit this bug frequently for the last few days.

            We would request you to prioritize this issue and fix the bug.

            Thanks

            Sukanta

              3061d200deff Arpan Agrawal
              mhorlle Marcelo Horlle