Details
-
Bug
-
Resolution: Answered
-
Low
-
4.0.0
-
Severity 3 - Minor
-
1
-
Description
Problem
Fisheye/Crucible uses an external directory, in which a user is being automatically added to a certain group upon successful login. That group is used to grant 'Fisheye' and/or 'Crucible' access (Administration > Global permissions). User is unable to log in.
Steps to reproduce
- Set up Crowd as follows
- Add Fisheye/Crucible application
- Add 'Crowd internal' directory
- Add 'fisheye-crucible-users' group
- Add 'user1' user, do not assign to the group above
- On the 'Options' tab pick the 'fisheye-crucible-users' group to be automatically added to
- Set up Fisheye/Crucible as follows
- Add 'Atlassian Crowd' directory
- On the 'Groups' page remove 'fisheye-users' and 'crucible-users' groups; you shall see the 'fisheye-crucible-users' listed
- On the 'Global Permissions' page grant 'fisheye-crucible-users' group the 'Fisheye & Crucible access'
- On the 'Users' page you shall see 'user1'; it has no group assigned and the 'no access' red label
- Log out and log in as 'user1'
- Login fails
- Login fails
- Log in as administrator
- On the 'Users' page you shall see that 'user1' is now a member of 'fisheye-crucible-users' group,
- but the label still shows 'no access'
Cause
A global permission cache is not refreshed after user is automatically added to a group in an external directory and that group grants Fisheye and/or Crucible global permissions.
Workaround
The global permission cache expires after 24 hours unless some action triggers invalidation.
Trigger invalidation of the global permission cache by one of the following:
- add a new user in Fisheye/Crucible (you can use an 'internal directory' if available)
- change any user's group membership
- restart Fisheye / Crucible